
The World's First Spatial Computing Hack

submitted by
Style Pass
2024-06-22 09:00:04

Tl;Dr - I found a bug in visionOS Safari that allows a malicious website to bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects (CVE-2024-27812). These objects persist in your space even after you exit Safari. I reported this bug to Apple in February 2024 and they fixed it in June and awarded me a bounty.

Before we jump in, I want to set the stage - this is not a long, complicated, kill-chain write-up like my previous posts. This is a fun short story about exploring a new piece of technology, discovering an unusually "scary" vulnerability, and revealing the pitfalls of bug triaging. We aren't breaking the same-origin policy (SOP) or gaining unauthorized camera access today. No, today we have a different mission - we are trying to hack "Spatial Computing."

When Tim Cook announced the Vision Pro in 2023, he made it very clear that this was a different type of Apple device. This marvel of engineering is a magic face computer that tracks your eyes and fills your home with virtual 3D objects. This deeply personal interaction reasonably made people nervous about privacy and security, which is why Apple built in a plethora of privacy protections. Let's take a brief look at some of them.
