VisionOS: Kernel vulnerability discovered in Apple Vision Pro

A graduate student at the Massachusetts Institute of Technology (MIT) claims to have discovered a kernel vulnerability in the operating system of Apple’s Vision Pro VR headset immediately after the device’s launch. In two posts shared on X on February 3rd, Joseph Ravichandran, the discoverer of the vulnerability, supports his claim with relevant screenshots and photos.
“If the device crashes, it switches to full passthrough and displays a warning,” explains Ravichandran. The message prompts the user to remove the headset, and the display dims after 30 seconds because a restart is required.

One of Ravichandran’s screenshots shows an app that the graduate student probably used to crash the headset. It is called Vision Pro Crasher and features an icon of a skull wearing a VR headset. Below the icon is a button labeled Crash My Vision Pro.

Ravichandran also shows a screenshot of a crash log. Large parts of it are blacked out, but you can see, for example, information about the kernel version of the headset and the time of the crash on February 2nd.
Exploitation for jailbreaks is conceivable

Kernel exploits are particularly interesting for the development of jailbreaks. The latter allow users to remove usage restrictions imposed by device manufacturers and thereby make blocked functions accessible, change the graphical interface of the operating system or install applications that the manufacturer has not approved. Jailbreaks have appeared repeatedly in the past, especially for Apple devices.

With a jailbreak, users could gain more control over the Vision Pro and use the VR headset in a way that Apple did not intend. Whether the vulnerability discovered by Ravichandran is enough to develop a functioning jailbreak remains questionable for the time being.

A patch for VisionOS came at the end of January

Only on January 31st had Apple released a security update, version 1.0.2, for VisionOS, the Vision Pro’s operating system. With it, the company fixed a vulnerability (CVE-2024-23222) that allows attackers to execute arbitrary code on vulnerable VR headsets using specially crafted web content.

Apple emphasizes that the company has received reports that this vulnerability may have been exploited. However, the flaw also affected other Apple operating systems, so the exploitation did not necessarily take place on a Vision Pro. It is still unclear whether Ravichandran’s discovery is related to CVE-2024-23222, which would mean the crash can no longer be reproduced on patched systems.