The Apple Vision Pro has already been hacked - Apple says there's nothing to worry about, but security experts disagree


Apple has already released a security patch for its Vision Pro headset, just one day after reviews were published.

Apple says the vulnerability "may have been exploited" already by hackers. It concerns WebKit, the engine behind the device's Safari web browser, and would have allowed threat actors to execute malicious code.

The tech giant patched the same flaw last week in the new iOS 17.3, which fixes not just iPhones and iPads, but also Macs and Apple TV. Apple Watch is still without a patch, however.

Already exploited?

TechCrunch asked Apple spokesperson Scott Radcliffe if the hackers used the flaw to target the Vision Pro specifically, but he "would not say."

It isn't known for sure whether the flaw was exploited, but WebKit has proved a popular target for threat actors, such as spyware vendors, as it can give access to personal data and the whole operating system.

Users are at risk of this flaw when they visit dangerous web domains in their browser or via apps. Numerous patches for WebKit were also rolled out last year by Apple. 

In January 2023, a flaw in the engine could have let hackers take full control of older iPhones and iPads. And in October of the same year, researchers discovered a way to steal passwords and other data from many Apple devices with A- and M-series chips, via Safari on Macs or any browser on iPhone and iPad, since they all rely on WebKit.

Interestingly, despite Apple requiring all browsers on its mobile devices to run on WebKit, Google Chromium engineers have been testing out the Blink engine on iOS, which powers Chrome in other instances, to see how well it would run, perhaps anticipating that Apple will at some point open the doors beyond WebKit. 


Lewis Maddison
Staff Writer
