Apple has just fixed a bug in Apple Vision Pro that let websites fill the user's view with 3D objects, obstructing it. The bug made it difficult to see the surrounding environment. Apple has enforced several measures in the new update.
Apple Vision Pro, 3D Object Pile Up Fixed
According to reports, Apple has adopted strict security measures to limit what can enter a user’s environment in Vision Pro. Native apps often operate in a “Shared Space” environment, which ensures predictable behaviour and easy shutdown. To provide a more immersive experience, programs must gain explicit user permission via an OS-level prompt. This grants them access to the “Full Space” context. This authorization paradigm also applies to websites, ensuring a high level of protection for users.
According to the report, Apple overlooked an augmented reality feature announced in 2018. This feature is ARKit Quick Look, which uses HTML to render 3D Pixar files in iOS. This standard supports contemporary file types such as Apple’s “.reality” format. It also incorporates Spatial Audio, which improves the realism of 3D objects. These features are enabled by default and do not require the user to activate experimental settings.
The significant error was that Safari did not enforce a permission scheme for this feature. Furthermore, according to the research, the feature could be triggered through a programmatic JavaScript click, without requiring any user input.
As a result, accessing a malicious website may cause the user’s room to be filled with countless animated and sound-producing 3D objects in an instant, creating a potentially scary situation.
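The two checks whose absence is described above (a user-granted permission and a real user gesture) can be modelled in a few lines. This is an added example, not code from Apple, Safari or the researcher; the class, its method names, the sample origins and the file name are hypothetical.

```javascript
// Simplified model of a launch gate; not Safari or visionOS code.
// QuickLookGate, grant and requestLaunch are hypothetical names.
class QuickLookGate {
  constructor() {
    this.granted = new Set();      // origins the user approved via a prompt
    this.consumed = new WeakSet(); // gestures already spent on a launch
    this.launched = [];            // content actually placed in the room
  }

  // Stand-in for the user accepting a permission prompt for an origin.
  grant(origin) { this.granted.add(origin); }

  // Decide whether a click may open 3D content in the user's space.
  requestLaunch(origin, event, modelUrl) {
    // Events created and dispatched by page script have isTrusted === false.
    if (!event || event.isTrusted !== true) return "denied: no user gesture";
    if (!this.granted.has(origin)) return "denied: no permission";
    // One gesture opens one object, so a single click cannot fan out.
    if (this.consumed.has(event)) return "denied: gesture already used";
    this.consumed.add(event);
    this.launched.push({ origin, modelUrl });
    return "allowed";
  }
}

function runDemo() {
  const gate = new QuickLookGate();
  const site = "https://site.example"; // constructed sample origin
  gate.grant(site);

  // Page script fires 100 synthetic clicks with no user input.
  const link = new EventTarget();
  const synthetic = [];
  link.addEventListener("click", (e) =>
    synthetic.push(gate.requestLaunch(site, e, "scene.reality")));
  for (let i = 0; i < 100; i++) link.dispatchEvent(new Event("click"));

  // Constructed stand-in for a real gesture: only the browser itself
  // can produce an event whose isTrusted is true.
  const gesture = { isTrusted: true };
  const first = gate.requestLaunch(site, gesture, "scene.reality");
  const second = gate.requestLaunch(site, gesture, "scene.reality");
  const other = gate.requestLaunch("https://other.example", gesture, "scene.reality");
  return { synthetic, first, second, other, opened: gate.launched.length };
}

console.log(runDemo());
```

With both checks in place, the 100 script-generated clicks open nothing, and a genuine gesture opens exactly one object for an origin the user has approved.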
The cybersecurity researcher who identified the weakness highlighted the problem, demonstrating how a single website visit might flood a user’s screen with hundreds of spiders or screeching bats. Recognising the severity of this bug, Apple granted the researcher an unknown sum as a bug bounty.