The highly anticipated release of the Apple Vision Pro mixed reality headset took a startling turn. Barely one day after its release on February 2nd, 2024, Joseph Ravichandran, a PhD student at the Massachusetts Institute of Technology announced that he had hacked the device. Learn more about the security exploit, Apple’s response, and what it means for Ravichandran and the device users.

Basically, the Apple Vision Pro is a computer goggle that is worn on the face. However, its use is what sets it apart. Whereas the traditional display style is to show output on a screen, the Vision Pro projects them directly into your eyes.
To achieve this, the gadget makes use of two small but high-resolution displays that are positioned at a small distance away from the user’s eyes.

One outstanding aspect of the VisionPro is the kind of control it runs by. Rather than the usual keyboard, mouse, and touch screen, the device uses a technology that receives commands by tracking the movement and gestures of the user’s eyes.
What this means is that the computer watches both your eyes and your hands to know what action you desire it to take.

Amongst its exciting features, one that stands out and which Apple didn’t fail to emphasize is its display background. The device uses a background picture of a physical space around you as the canvas for its displays.
So, this means that the perceived viewing area is unlimited. This ability was what prompted the technology giant to term the device “the spatial computer.”

Typically, following the launch of such a high-profile device, a green light is set off in the tech community. For a number of reasons, hackers, security experts, and researchers begin to race against one another to discover a weakness in the system.
Joseph, a researcher at MIT, was one of the participants in this “gold rush.” He was the first to discover a vulnerability and amazingly, he did so in just a few hours.

Joseph had the pleasure of breaking the news of his achievement using his X account. He posted multiple photos of his success with the caption “The world’s first(?) kernel exploit for Vision Pro on launch day!”
He made the post on February 3rd, and graciously inserted a question mark in his claim, just in case someone else had beaten him to it.

Just in case you’ve been wondering what the term means. “Kernel Exploit” or “Kernel Vulnerability” refers to a weakness or weak spot in the Apple Vision Pro software.
This weak link, when exploited can result in a crash of the headset. Consequently, the headset will only show what’s in front of you instead of the normal display of digital images. This abnormal display is a symptom of what’s called a “full passthrough view.”

The photos Joseph posted on X showed the response of the gadget to the new situation. After switching to the full passthrough view, the Vision Pro advised him to remove the headset in the next 30 seconds before it restarted. Apparently, the restart was to allow the software to rectify the situation.
The second photo he posted showed the technology’s response after the restart which was a panic log that confirmed the crash.

Unfortunately, the kernel exploit could have some not-so-palatable implications for Vision Pro users. But that’s if Apple fails to do its job.
If this compromise persists, hackers could take advantage to gain deep access into the device’s software and plant malicious software (also called malware) to steal the data of users, possibly also leading to financial losses for victims. But given Apple’s reputation for safety and information privacy, this isn’t likely to happen.

Of course, Apple will be grateful for the efforts of Joseph, which has led them to a major security challenge for their new product. Now, the company will focus on repairing the breach.
But there could be something in it for Joseph. In addition to the fame he has earned, the Microarchitectural Security student could be eligible for some financial reward via the Apple Security Bounty Program.

Just after photos of the hack surfaced on the internet, we noticed that Apple updated their Vision Pro user guide. In addition to the original content, the tech giant warned against jailbreaking the headset as it could cause the gadget to become “permanently inoperable” for the user.
The user guide also stated that “Unauthorized modifications to Vision OS bypass security features and can cause numerous issues such as security vulnerabilities, instability, and shortened battery life to the hacked Apple Vision Pro.”

Obviously, the Vision Pro, just like many novel tech introductions, is still very much a work in progress. Besides addressing the device’s security, Apple also recognizes that acceptance may be pretty slow at the initial stages.
In fact, indications already show that many users aren’t satisfied with the device. But Apple is known to weather storms such as this. Joseph’s discovery has taken the company a step closer to perfecting the mixed reality gadget.