An Amazon engineer-turned-ethical-hacker finds a bug that allows websites to force animated 3D objects like spiders or bats into the Vision Pro’s spatial environment.
A white-hat hacker found an exploit for the Apple Vision Pro that could allow an attacker to spawn 3D animated objects or critters into a victim’s environment. All the Vision Pro wearer would have to do is visit a random website via its Safari app.
„I found a bug in visionOS Safari that allows a malicious website to bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects“, writes Ryan Pickren, founder of BugPoC and former Amazon security engineer.
Pickren discovered the issue, CVE-2024-27812, back in February.
