About the security content of visionOS 1.1

This document describes the security content of visionOS 1.1.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

visionOS 1.1

Accessibility

Available for: Apple Vision Pro

Impact: An app may be able to spoof system notifications and UI

Description: This issue was addressed with additional entitlement checks.

CVE-2024-23262: Guilherme Rambo of Best Buddy Apps (rambo.codes)

ImageIO

Available for: Apple Vision Pro

Impact: Processing an image may result in disclosure of process memory

Description: The issue was addressed with improved memory handling.

CVE-2024-23257: Junsung Lee working with Trend Micro Zero Day Initiative

ImageIO

Available for: Apple Vision Pro

Impact: Processing an image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2024-23258: Zhenjiang Zhao of pangu team, Qianxin, and Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations

ImageIO

Available for: Apple Vision Pro

Impact: Processing an image may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2024-23286: Junsung Lee working with Trend Micro Zero Day Initiative, Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations, Dohyun Lee (@l33d0hyun), and Lyutoon and Mr.R

Kernel

Available for: Apple Vision Pro

Impact: An app may be able to access user-sensitive data

Description: A race condition was addressed with additional validation.

CVE-2024-23235

Kernel

Available for: Apple Vision Pro

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2024-23265: Xinru Chi of Pangu Lab

Kernel

Available for: Apple Vision Pro

Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Description: A memory corruption issue was addressed with improved validation.

CVE-2024-23225

Metal

Available for: Apple Vision Pro

Impact: An application may be able to read restricted memory

Description: A validation issue was addressed with improved input sanitization.

CVE-2024-23264: Meysam Firouzi @R00tkitsmm working with Trend Micro Zero Day Initiative

Persona

Available for: Apple Vision Pro

Impact: An unauthenticated user may be able to use an unprotected Persona

Description: A permissions issue was addressed to help ensure Personas are always protected

CVE-2024-23295: Patrick Reardon

RTKit

Available for: Apple Vision Pro

Impact: An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.

Description: A memory corruption issue was addressed with improved validation.

CVE-2024-23296

Safari

Available for: Apple Vision Pro

Impact: An app may be able to fingerprint the user

Description: The issue was addressed with improved handling of caches.

CVE-2024-23220

UIKit

Available for: Apple Vision Pro

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed by removing the vulnerable code.

CVE-2024-23246: Deutsche Telekom Security GmbH sponsored by Bundesamt für Sicherheit in der Informationstechnik

WebKit

Available for: Apple Vision Pro

Impact: Processing web content may lead to arbitrary code execution

Description: The issue was addressed with improved memory handling.

CVE-2024-23226: Pwn2car

WebKit

Available for: Apple Vision Pro

Impact: A malicious website may exfiltrate audio data cross-origin

Description: The issue was addressed with improved UI handling.

CVE-2024-23254: James Lee (@Windowsrcer)

WebKit

Available for: Apple Vision Pro

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved validation.

CVE-2024-23263: Johan Carlsson (joaxcar)

WebKit

Available for: Apple Vision Pro

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A logic issue was addressed with improved state management.

CVE-2024-23284: Georg Felber and Marco Squarcina

Additional recognition

Kernel

We would like to acknowledge Tarek Joumaa (@tjkr0wn) and 이준성(Junsung Lee) for their assistance.

Model I/O

We would like to acknowledge Junsung Lee for their assistance.

Power Management

We would like to acknowledge Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd. for their assistance.

Safari

We would like to acknowledge Abhinav Saraswat, Matthew C, and 이동하 ( Lee Dong Ha of ZeroPointer Lab ) for their assistance.

WebKit

We would like to acknowledge Valentino Dalla Valle, Pedro Bernardo, Marco Squarcina, and Lorenzo Veronese of TU Wien for their assistance.