
Security Researcher Discovers Vulnerability In Apple’s Vision Pro

Last Updated on February 6, 2024 by Dominic

Apple launched its most talked-about mixed reality headset, the Apple Vision Pro, in the U.S. on February 2, 2024.

However, just a day after the release of the product, the headset was hacked by a security researcher.


Joseph Ravichandran (@0xjprx), an MIT Microarchitectural Security PhD student, announced his accomplishment in a late Friday tweet on X, in which he claimed to have discovered the world’s first critical kernel flaw in visionOS, the operating system that powers Apple’s Vision Pro. Such a flaw could potentially facilitate jailbreaks and malware attacks.

In the post, Ravichandran shared images showing how the Apple Vision Pro reacted to an attempted kernel exploit. He shared a snapshot of a custom application named “Vision Pro Crasher,” complete with a skull wearing a headset and a button called “Crash My Vision Pro.” When the button is tapped, the Vision Pro crashes.

When it comes back up, the device goes into “perspective mode” and displays a warning to the user to remove the device within 30 seconds so that it can reboot. Further, another image shows a panic log for the headset after the device restarted, indicating a kernel crash.

It is not yet clear whether Ravichandran has reported or submitted his findings to Apple. Given Apple’s history of quickly addressing security flaws, especially with high-profile products like the Vision Pro, it’s likely that Apple will release an update to fix the issue.

Apple’s Vision Pro headset is now available in U.S. stores for $3,499, with an additional $149 charge for prescription lenses.