Apple Vision Pro: Apple releases patch fix for zero-day bug

If taken advantage of, zero-day bug could permit execution of malicious code on affected device
An undated image of a VR device. — Apple

Following a spate of first-hand reviews and reports hinting at the detection of a potential bug in the Apple Vision Pro, the tech giant has released a security patch update for the mixed reality headset.

The security patch is designed to fix a zero-day bug, a vulnerability which Apple says “may have been exploited” by hackers in the wild.

Apple has released visionOS 1.0.2, an update to the Vision Pro's operating system, addressing a vulnerability in WebKit, the browser engine powering Safari and other web applications.

The bug, if taken advantage of, could permit the execution of malicious code on the affected device. Last year, Apple also issued multiple patches for WebKit bugs, TechCrunch reported.

The same vulnerability was addressed in last week's release of iOS 17.3, covering iPhones, iPads, Macs, and Apple TV, all dependent on WebKit. However, no fixes for this particular bug, identified as CVE-2024-23222, were provided for Apple Watch.

It remains uncertain whether malicious hackers exploited this vulnerability specifically for Apple's Vision Pro. Apple's spokesperson, Scott Radcliffe, declined to disclose this information when questioned by TechCrunch. The identity of those exploiting the vulnerability and their motives also remains unknown.

It is not uncommon for entities like spyware manufacturers to target vulnerabilities in WebKit to infiltrate the device's operating system and access the user's personal data. WebKit vulnerabilities may be exploited when a user visits a malicious domain in their browser or the in-app browser.