Joseph Ravichandran, a PhD student at MIT, claims to have hacked the Apple Vision Pro headset shortly after its release, uncovering a security vulnerability in the visionOS software. The exploit is a kernel exploit: it targets the device’s operating system and could potentially allow unauthorized access, malware creation, or jailbreaking. Ravichandran’s demonstration on X shows the exploit working, including the device switching to full passthrough mode upon crashing.
While it’s unclear whether Ravichandran has contacted Apple regarding the exploit, there is speculation that he may be eligible for compensation through the company’s Security Bounty program. Apple has since updated its Vision Pro user guide to warn against unauthorized modifications to visionOS, cautioning users about potential security vulnerabilities, instability, and battery life issues that may arise from jailbreaking the device. The tech giant emphasizes that unauthorized modifications violate the visionOS Software License Agreement and may result in denial of service for the Apple Vision Pro.
Furthermore, Apple warns that hacking the headset could disrupt essential services like iCloud, FaceTime, and Apple Pay, while also impacting third-party apps that rely on push notifications. This revelation underscores the ongoing battle between security researchers and tech companies to identify and mitigate vulnerabilities in their products. As users await further developments, the incident serves as a reminder of the importance of maintaining robust security measures in emerging technologies like augmented reality headsets.