Apple has recently rolled out the visionOS 2.1 update for its Apple Vision Pro mixed reality headset, addressing many critical security vulnerabilities that could have significant implications for user privacy and device integrity.
The update includes fixes for over 25 security issues that could allow malicious actors to execute arbitrary code, access sensitive data, or cause system crashes.
Among the most significant vulnerabilities patched is a kernel memory corruption issue that could enable apps to cause unexpected system termination or corrupt kernel memory.
The update also addresses several WebKit-related vulnerabilities, including one that could lead to unexpected process crashes when processing maliciously crafted web content.
Vulnerabilities Patched
The visionOS 2.1 update targets several high-severity vulnerabilities identified across various operating system components.
One key issue addressed is a path handling problem that could allow malicious apps to run arbitrary shortcuts without user consent, potentially leading to unauthorized access to sensitive data. This has been resolved through improved logic checks (CVE-2024-44255).
Another critical vulnerability involved the CoreMedia Playback component, where a malicious app could access private information due to improper handling of symlinks. This issue has been mitigated with enhanced symlink handling (CVE-2024-44273).
Several kernel-level vulnerabilities have been patched, including an information disclosure issue that could allow apps to leak sensitive kernel states. This has been addressed through improved private data redaction for log entries (CVE-2024-44239).
Additionally, a use-after-free issue in the IOSurface component, which could cause unexpected system termination or corrupt kernel memory, has been fixed with improved memory management (CVE-2024-44285).
WebKit, the web engine powering Safari on the Apple Vision Pro, has also received significant updates. Issues such as memory corruption and the failure to enforce Content Security Policy (CSP) when processing maliciously crafted web content have been addressed through improved input validation and checks (CVE-2024-44244, CVE-2024-44296).
To enhance user privacy, Apple has fixed several vulnerabilities related to data leakage. For instance, a bug in the Lock Screen that allowed users to view sensitive information has been rectified with improved redaction of sensitive data (CVE-2024-44262).
Similarly, issues in Siri and system logs that could expose sensitive user data have been resolved with enhanced redaction and validation measures (CVE-2024-44194, CVE-2024-44278).
Other Notable Fixes
Other notable fixes include:
- ImageIO: Multiple issues related to processing images, including out-of-bounds reads and denial-of-service vulnerabilities, have been addressed with improved input validation and bounds checks (CVE-2024-44215, CVE-2024-44297).
- Managed Configuration: A vulnerability that allowed malicious backup files to modify protected system files has been fixed with improved handling of symlinks (CVE-2024-44258).
- Safari Downloads: An issue that could allow attackers to misuse trust relationships to download malicious content has been resolved through improved state management (CVE-2024-44259).
Users of the Apple Vision Pro are strongly advised to update their devices to visionOS 2.1 as soon as possible to mitigate these security risks. The update is available through the standard software update process.
Apple’s proactive approach to addressing these vulnerabilities underscores the company’s commitment to ensuring the security and privacy of its users, particularly in emerging technologies like mixed reality.
Apple has acknowledged the contributions of several security researchers and teams, including those from Trend Micro Zero Day Initiative, CrowdStrike Counter Adversary Operations, and various individual researchers, for their role in identifying and reporting these vulnerabilities. This collaborative effort is crucial in maintaining the security posture of Apple’s ecosystem.