Table of Contents
The “Computer Emergency Response Team (CERT-In)” of India has issued a warning related to multiple concerns in Apple visionOS, which is also the operating system that powers the biggest launch of Apple in 2024. It is noted that it is still not launched in India but the vulnerabilities identified in the Vision OS apply to all the Vision Pro devices operating on a specific version of the operating system.
Why Government issued Warning?
The government found that attackers might utilize this vulnerability to carry out arbitrary codes having kernel privileges. Attackers utilizing these vulnerabilities might terminate the app, cause a denial of service (DoS), and can also acquire sensitive information.
Image Source: Economic Times
Previous incidence of Vulnerabilities in Apple:
Based on the previous reports the vulnerabilities of Apple VisionOS version earlier than 1.2 have caused difficulties in the operating system involving the WebKit, libiconv, CoreMedia, and Kernel.
Additionally, the ability to track the fingerprint of the users means recognizing and tracking the people based on their usage of the device. This vulnerability might enable attackers to bypass security restrictions and effectively violate security safeguards leading them to perform unauthorized access.
The reason behind this vulnerability:
The underlying causes of these vulnerabilities are linked to several technical issues within the VisionOS components.
These include ‘use-after-free’ bugs in the kernel, errors in the CoreMedia and libiconv components, out-of-bounds write and access issues, integer overflows, and type confusion errors in the WebKit component.
Attackers can exploit these technical flaws through maliciously crafted web content, resulting in memory corruption and potential system compromise.
Solutions to stay Protected
People having Apple Vision Pro must update their device to version 1.2 to eliminate the identified vulnerabilities.
Users must be aware of suspicious websites that are crafted to trigger the vulnerabilities of Apple devices.
However, it is important to note that the identification of vulnerabilities in Apple devices would help in strengthening security against potential exploitation. Apple already launched VisionOS 2– the next generation OS for Vision Pro at the WWDC 2024 as well as the others such as iOS 18, and iPadOS 18.
About Apple Vision Pro
Apple Vision Progress Asia Computer blends digital content and apps into the physical space Thereby enabling users to navigate through their voice hands and eyes. This means Apple Vision Pro allows you to use built-in ads such as Safari, Apple TV, and photos and transform the space of individuals with an environment connecting with others in face time calls and also downloading great 3rd party apps from App stores.
In the environment view, users can convert the space around them with beautiful 3-D scenes.
Apple Vision Pro is expected to arrive in countries such as Hong Kong, Japan, China and Singapore on June 13.
Image Source: Apple
Apple announced this device to deliver extraordinary computing performance in a wearable format. This device is also expected to break new opportunities in the healthcare sectors such as medical imaging, surgical planning, clinical education, and behavioral health. It is found that Fortune 100 firms have bought this device for their customers and organizations due to its ability to collaborate on 3D designs, guide remote work, and more.
Nevertheless, if left unaddressed, the identified vulnerabilities could significantly compromise user security by enabling unauthorized access and control over devices. Prompt updates and heightened awareness are crucial to mitigate these risks. Apple’s proactive measures, including the release of VisionOS 2, aim to enhance the security and functionality of its devices, ensuring a safer user experience.