A day after reporters published their first hands-on reviews of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that “may have been exploited” by hackers in the wild.
On Wednesday, Apple released visionOS 1.0.2, the software that runs on the Vision Pro, with a fix for a vulnerability in WebKit, the browser engine that runs Safari and other web apps. Apple said the bug, if exploited, allowed malicious code to run on an affected device.
It is the same vulnerability that Apple patched last week when it rolled out iOS 17.3, which included fixes for iPhones, iPads, Macs and Apple TV — all of which rely on WebKit. No patches for this bug, officially tracked as CVE-2024-23222, were released for Apple Watch.
It’s not immediately clear if malicious hackers used the vulnerability to specifically exploit Apple’s Vision Pro, and Apple spokesperson Scott Radcliffe would not say when asked by TechCrunch.
It also isn’t yet known who was exploiting the vulnerability, or for what reason.
It is not uncommon for malicious actors, such as spyware makers, to target weaknesses in WebKit as a way to break into the device’s underlying operating system and the user’s personal data. WebKit bugs can sometimes be exploited when a victim visits a malicious domain in their browser, or the in-app browser.
Apple rolled out several patches for WebKit bugs last year.
Vision Pro is expected to be available starting Friday.