A day after reporters printed their first hands-on overview of Apple’s Imaginative and prescient Professional, the know-how big launched its first security patch for the combined actuality headset to repair a vulnerability that “could have been exploited” by hackers within the wild.
On Wednesday, Apple launched visionOS 1.0.2, the software program that runs on the Imaginative and prescient Professional, with a repair for a vulnerability in WebKit, the browser engine that runs Safari and different net apps. Apple stated the bug, if exploited, allowed malicious code to run on an affected gadget.
It’s the identical vulnerability that Apple patched final week when it rolled out iOS 17.3, which included fixes for iPhones, iPads, Macs and Apple TV — all of which depend on WebKit. No patches for this bug, formally tracked as CVE-2024-23222, had been launched for Apple Watch.
It’s not instantly clear if malicious hackers used the vulnerability to particularly exploit Apple’s Imaginative and prescient Professional, and Apple spokesperson Scott Radcliffe wouldn’t say when requested by information.killnetswitch.
It additionally isn’t but recognized who was exploiting the vulnerability, or for what cause.
It’s not unusual for malicious actors, comparable to spyware and adware makers, to focus on weaknesses in WebKit as a solution to break into the gadget’s underlying working system and the person’s private knowledge. WebKit bugs can generally be exploited when a sufferer visits a malicious area of their browser, or the in-app browser.
Apple rolled out a number of patches for WebKit bugs final 12 months.
Imaginative and prescient Professional is anticipated to be out there beginning Friday.
