Apple has patched a nightmarish Apple Vision Pro bug that allowed websites to render 3D models of bats and spiders in Safari.
As reported by our friends at PC Gamer, the bug was discovered by Ryan Pickren, who found that a flaw in visionOS allowed "a malicious website to bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects." According to Pickren, while Apple has done plenty of work to ensure apps and websites can't randomly spawn objects in your personal space, it forgot about its old web-based 3D model standard, Apple ARKit Quick Look.
As such, Pickren found a hack that meant "any website could instruct mobile Safari to treat the link as an in-place 3D model," even adding Spatial Audio sounds to the models. The crux? "This means that we can launch an arbitrary number of 3D, animated, sound-creating, objects without any user interaction whatsoever... If the victim just views our website in Vision Pro, we can instantly fill their room with hundreds of crawling spiders and screeching bats! Freaky stuff."
Apple Vision Pro nightmare
As you can imagine, this is quite a problematic bug for users of Vision Pro, especially any who happen to be arachnophobes. Findings in hand, Pickren reported the issue to Apple in February, and Futurism reports it was patched in the June visionOS 1.2 update. What a relief.
Also in June, Apple unveiled visionOS 2 at WWDC 2024. The update features new tools including tech that can turn any photo into a spatial photo, new gestures, and a big upgrade to Mac Virtual Display that brings ultra-wide display support.
visionOS 2 is expected in September alongside iOS 18, macOS Sequoia, iPadOS 18, and Apple Intelligence, the company's new AI tools baked into its software.