In the aftermath of Apple’s Vision Pro launch on Friday, 2nd February, there have been security concerns regarding the product, following MIT PhD student, Joseph Ravichandran’s discovery of a critical kernel vulnerability within the device’s operating system, visionOS.
Ravichandran, who specialises in microarchitecture security, noted that the identified vulnerability within visionOS can potentially enable jailbreaking and the creation of malicious software targeting the Vison Pro. In a demonstration conducted on the day following the headset’s release, Ravichandran showcased the device’s response to an attempted kernel exploit through a series of photographs, showing the severity of the uncovered flaw.
This discovery has prompted discussions within the tech community, as security experts and hackers engage in a race to exploit the newly introduced operating system. Interested parties also await Apple’s response and efforts to address the issue and strengthen the security of its new headset.
Currently, it remains unclear whether Ravichandran has reported his findings to Apple or intends to do so in the future. If disclosed, there’s the possibility that the discoveries could be included in Apple’s Security Bounty program.
However, given Apple’s track record of promptly addressing security issues and the significant visibility of the Vision Pro launch, chances are high that an update will be swiftly deployed to rectify the identified vulnerability, should it be officially disclosed.
At present, the likelihood of this revelation being a headache for Apple and its user base appears minimal, thanks to the company’s proactive approach to security concerns and anticipated diligence in addressing such matters.