Vision Pro isn’t out yet but Apple has already patched a serious zero-day flaw

Macworld

Last week Apple released iOS 17.3, iPadOS 17.3, macOS 14.3, tvOS 17.3, and Safari 17.3 to fix a serious zero-day WebKit vulnerability that may have been exploited in the wild. Ahead of the Apple Vision Pro launch on Friday, visionOS is getting the same fix.

According to Apple’s security update page, visionOS 1.0.2 contains just one security patch. It’s unclear what else is in the update, but it likely includes the same bug fixes and performance improvements as the 1.0.1 update that arrived last week. Here’s how Apple describes the fix:

WebKit (CVE-2024-23222)

Available for: Apple Vision Pro

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.

Description: A type confusion issue was addressed with improved checks.

WebKit Bugzilla: 267134

Vision Pro includes a similar Safari build as the iPad, so it will likely receive the same WebKit security updates moving forward. Apple has yet to launch a visionOS 1.1 beta, but that will likely arrive next week once people have devices to test it on.

Apple Vision Pro arrives in stores on Friday, February 2. Apple is estimated to have sold 200,000 of the $3,499 devices during the two-week preorder period and will likely treat the launch with a good amount of fanfare at its stores. There is currently a countdown clock on its website that ends at 8am ET. You can learn more in our complete guide to the Vision Pro.

Apple Inc, Security Software and Services, Virtual Reality