\n<\/p>\n
A day after reporters published their first hands-on review of Apple\u2019s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that \u201cmay have been exploited\u201d by hackers in the wild.<\/p>\n
On Wednesday, Apple released visionOS 1.0.2, the software that runs on the Vision Pro, with a fix for a vulnerability in WebKit, the browser engine that runs Safari and other web apps. Apple said the bug, if exploited, allowed malicious code to run on an affected device.<\/p>\n
It\u2019s the same vulnerability that Apple patched last week when it rolled out iOS 17.3<\/a>, which included fixes for iPhones, iPads, and Apple TV \u2014 all of which rely on WebKit. No patches for this bug, officially tracked as CVE-2024-23222<\/a>, were released for Apple Watch.<\/p>\n It\u2019s not immediately clear if malicious hackers used the vulnerability to specifically exploit Apple\u2019s Vision Pro, and Apple spokesperson Scott Radcliffe would not say when asked by TechCrunch.<\/p>\n It also isn\u2019t yet known who was exploiting the vulnerability, or for what reason.<\/p>\n It is not uncommon for malicious actors, such as spyware makers, to target weaknesses in WebKit as a way to break into the device\u2019s underlying operating system and the user\u2019s personal data. WebKit bugs can sometimes be exploited when a victim visits a malicious domain in their browser, or the in-app browser.<\/p>\n Apple rolled out several patches for WebKit bugs last year.<\/p>\n Vision Pro is expected to be available starting Friday.<\/p>\n<\/p><\/div>\n