PT-2024-5374 · Webkit+1 · Webkit+1

Ryan Pickren · Published 2024-06-10 · Updated 2024-07-03 · CVE-2024-27812

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

visionOS versions prior to 1.2

Description

The issue is related to uncontrolled resource consumption in the WebKit component of the visionOS operating system. Exploitation of this issue may allow a remote attacker to inject arbitrary 3D objects and cause a denial-of-service. Processing web content may lead to a denial-of-service. The issue was addressed with improvements to the file handling protocol.

Recommendations

For versions prior to 1.2, update to visionOS 1.2 to resolve the issue. As a temporary workaround, consider restricting the processing of web content to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-06007
CVE-2024-27812

Affected Products

WebKit
visionOS