- By Vikas Yadav
- Fri, 14 Jun 2024 02:09 PM (IST)
- Source:JND
Apple Vision Pro News: The Indian Computer Emergency Response Team (CERT-In), functioning under the Ministry of Electronics and Information Technology, warns Indians of vulnerabilities in popular software systems such as Android, iOS, Chrome and more at regular intervals. And in a fresh move, the company has now highlighted vulnerabilities in the software of Apple's first spatial computer - Vision Pro.
According to CERT-In, the affected software includes versions before visionOS 1.2. The vulnerability note says these vulnerabilities in the Apple device could allow attackers to execute arbitrary codes in the system with kernel privileges. Plus, this could lead to unexpected app termination, bypassing protections in kernel memory and security infrastructure and denial of service (DoS) conditions (to overwhelm the system via multiple requests which may lead to software crashes).
With these flaws, an attacker could access sensitive information (including the device's data) or gain elevated privileges on an affected Vision Pro. This implies an attacker could compromise, perform malicious activity and change system settings (otherwise limited to the administrator) on the device. Moreover, the ability to "fingerprint the user" could facilitate unauthorised profiling of users.
Apple has not launched its Vision Pro in India at the time of filing. (Image:Apple)
All these flaws could hamper the security design of the device and disrupt access. For context, these vulnerabilities existed because of "use after free issues in Kernel", CoreMedia and libiconv component errors, out-of-bounds write and access issues, integer overflow, and type confusion issue in the WebKit, according to the national nodal agency.
The attacker may manipulate these susceptibilities to send "maliciously crafted web content and trigger memory corruption" to compromise a system. To ensure protection from these vulnerabilities, Vision Pro users must update to the latest version - visionOS 1.2, released by Apple on June 10. Meanwhile, Apple introduced the visionOS 2 developer preview at the WWDC 2024 event. It is expected to roll out as a stable release later this year.