Photo Credit: Brian Heater Just a day after Apple’s Vision Pro received its first media review, the company released a security patch to address a vulnerability that may have been exploited by hackers. On Wednesday, Apple rolled out visionOS 1.0.2, the operating system for Vision Pro, to fix a vulnerability in WebKit, the browser engine powering Safari and other web applications. Apple stated that the flaw, if exploited, could allow malicious code to execute on a compromised device. This is the same issue Apple addressed last week with the release of iOS 17.3, which provided fixes for iPhones, iPads, Macs, and Apple TV – all of which utilize WebKit. No patches for this bug, officially referred to as CVE-2024-23222, have been made available for the Apple Watch. It remains unclear whether the Apple Vision Pro was targeted by hackers using this vulnerability, and Apple spokesperson Scott Radcliffe declined to comment when approached by TechCrunch. The identity and motives of the exploiters are also unknown. It is not uncommon for malicious actors, such as spyware developers, to seek out WebKit vulnerabilities as a means to gain access to the device’s operating system and personal information. WebKit bugs can sometimes be exploited if a user visits a malicious website in their browser or in-app browser. Apple issued multiple bug fixes for WebKit last year. The Vision Pro is set to be available starting Friday.
![](data:image/svg+xml;charset=utf-8,<svg height="683" width="1024" xmlns="http://www.w3.org/2000/svg" version="1.1"/>)
