A day after the release of Apple's Vision Pro, a security researcher claims to have created a kernel vulnerability targeting visionOS, opening the way for potential jailbreaks and the creation of malware. The first release of new hardware is often accompanied by a gold rush for security researchers and malware developers to crack the operating system. While jailbreak makers are trying to crack the iOS system, technicians have begun to create security problems for Apple Vision Pro.
Joseph Ravichandran, a doctoral student in microarchitecture security at MIT, claimed on Twitter late Friday that a kernel vulnerability in Apple's Vision Pro had been discovered, possibly the first time a vulnerability has ever been publicly discovered.
In a tweet, iDeviceCentral detailed AppleVisionPro's reaction to the attempted kernel exploit with several photos. After being introduced, Apple Vision Pro goes into full pass-through view and then warns the user to remove the headset as it will reboot within 30 seconds.
After rebooting, another image shows the headset's emergency log, showing that the kernel has crashed. Ravichandran also posted another image of the "VisionProCrasher" app, which features an image of a skull wearing headphones and a "CrashMyVisionPro" button.
It's unclear whether the researcher has submitted the findings to Apple or if they plan to do so. If they submit, they may be eligible for Apple's security bounty program.
Given Apple's tendency to move quickly on security issues, and the high-profile nature of VisionPro releases, it's likely that Apple would have released an update that fixed the issue if it had been disclosed.
At this extremely early stage, and given the slow pace of rolling out devices to generally tech-savvy early adopters, it seems unlikely that this discovery will cause problems for Apple and its users.