
Vision Pro bug fixed; websites can no longer fill your room with bats

Apple has fixed a Vision Pro bug which would have allowed a website to fill your room with an unlimited number of virtual 3D objects. Those objects – flying bats in the proof of concept – would then persist even after you quit Safari.

The bug was discovered by a cybersecurity researcher who says Apple took a lot of care to protect against this type of exploit, but it forgot one thing …

Apple has protections against this

Ryan Pickren says that Apple has a specific protection against this in Vision Pro apps.

One of the big areas Apple is rightfully protective of is safeguarding who and what is allowed to enter your personal space inside Vision Pro. Wouldn’t it be awful if a malicious app could scare you by spawning items behind you? Well thankfully, by default, native apps are restricted to a “Shared Space” context, where they act predictably and can be easily closed. 

If an app wants a more immersive experience, they must receive explicit permission from the user via an OS-level prompt that places them in a trusted “Full Space” context.

Websites can use experimental features to achieve the same thing, and Apple extended the Full Space permission model to cover websites too.

But the company forgot one thing

But Apple forgot about an AR feature it developed back in 2018. It’s still there in WebKit today, and that includes the Vision Pro build.

There is an older web-based 3D model viewing standard that the visionOS team seemed to have forgotten about – Apple AR Kit Quick Look! Back in 2018, when Apple first started to dabble in AR/VR/XR, they developed a new HTML-based method in iOS for rendering 3D Pixar files called In-Place USDZ Viewing […]

After some quick testing, I noticed that this standard is still alive and well in WebKit (including the visionOS build), and even supports the more modern “.reality” filetype made by Apple’s Reality Composer. In fact, we can even add Spatial Audio so it feels like sound is coming from the object itself. Even better, these features work by default out-of-the-box, so the victim does not need to enable any fancy experimental features.

And here is the fun part – Safari does not enforce any type of permission model on this feature. Furthermore, it does not even require this anchor tag to have been “clicked” by the human. So programmatic JavaScript clicking (i.e. document.querySelector('a').click()) works no problem! This means that we can launch an arbitrary number of 3D, animated, sound-creating objects without any user interaction whatsoever.

If the victim just views our website in Vision Pro, we can instantly fill their room with hundreds of crawling spiders and screeching bats! Freaky stuff.
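A defender-side check for the pattern Pickren describes, added here as an example and not code from the article or from Pickren's writeup: it scans page HTML for AR Quick Look anchors and inline scripts that click them, which is the no-user-gesture launch path the quote explains. It assumes Apple's documented Quick Look markup (an anchor with rel="ar" whose href points at a .usdz or .reality file); the sample HTML is constructed.

```python
# Added example (not from the article or Pickren's writeup): flag pages that
# pair AR Quick Look anchors with scripted clicks, the no-gesture launch path
# described above. Assumes Apple's documented markup: <a rel="ar" href="x.usdz">.
import re
from html.parser import HTMLParser

AR_EXTS = (".usdz", ".reality")              # Quick Look model formats named above
CLICK_RE = re.compile(r"\.click\s*\(\s*\)")  # programmatic click in inline JS


class ARAnchorScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.ar_anchors = []       # hrefs of anchors that would open Quick Look
        self.script_clicks = 0     # number of .click() calls inside <script>
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            rel = (a.get("rel") or "").lower().split()
            href = (a.get("href") or "").lower()
            if "ar" in rel or href.endswith(AR_EXTS):
                self.ar_anchors.append(a.get("href") or "")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_clicks += len(CLICK_RE.findall(data))


def scan(html):
    """Return counts plus a verdict: AR anchors present AND script clicks them."""
    p = ARAnchorScanner()
    p.feed(html)
    p.close()
    return {"ar_anchors": len(p.ar_anchors), "script_clicks": p.script_clicks,
            "suspicious": bool(p.ar_anchors) and p.script_clicks > 0}


# Constructed samples: a normal AR link, and the same link clicked from script.
BENIGN = '<a rel="ar" href="chair.usdz"><img src="chair.jpg"></a>'
SCRIPTED = BENIGN + '<script>document.querySelector("a").click();</script>'
```

A user-initiated Quick Look link scans as benign; the verdict only flips when the page also clicks such an anchor from script.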

All a user has to do is visit a website, and a couple of seconds later …

Now fixed

Apple paid Pickren an undisclosed, uh, bug bounty for identifying the vulnerability, and it’s now fixed.

Main image: Todd Cravens on Unsplash. Bats gif: Ryan Pickren.


Author: Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
