Virtual spider plague reveals new threats › ifun.de

Developer Ryan Pickren is drawing attention to a new class of threats with an unusual hack. Devices like the Apple Vision Pro not only expand their users' reality, but also provide the basis for entirely new virtual attack scenarios.

Pickren emphasizes that his work was about exploring these new avenues and showing in a striking way that Apple also needs to reconsider its assessment of the potential risks associated with the headset. Classic methods of searching for and analyzing malware are, at least in part, no longer sufficient here.

Spiders and bats in the room

The attack example created by the developer at least gives an idea of the new capabilities. After visiting a modified website, an Apple Vision Pro user suddenly saw spiders crawling through his room and was attacked by a swarm of bats. To get rid of these virtual attackers, it is not enough to close the website or Safari on the Vision Pro; you have to run around the room and click on each one individually.

Apple's protection mechanisms simply bypassed

Apple has integrated various security mechanisms into visionOS, the headset's operating system, not least to prevent such additional threats. However, Pickren explains that some of these can be bypassed surprisingly easily. In his example, it seems that it was sufficient to rely on the “Quick Look” augmented reality technology, which Apple introduced six years ago and seems to have already forgotten, in order to circumvent all precautionary measures and restrictions.

Quick Look lets you create web content that, once opened, can also exist outside of Safari. In addition, using Apple's “Spatial Audio” technology, the developer was able to give his creatures the ability to emit sounds in the form of screams that can be perceived spatially and therefore seem to come from different directions in the room.

The bug was fixed in visionOS 1.2

According to Pickren, the vulnerability was reported to Apple in February and was fixed two weeks ago with the update to visionOS 1.2. However, the text description published by Apple only begins to do justice to the possibilities that already existed on this basis.