Bats Can No Longer Haunt Apple VR Headsets Via Web Exploit

Bug reporting doesn’t usually have a lot of visuals. Not so with the visionOS bug [Ryan Pickren] found, which fills a user’s area with screeching bats after visiting a malicious website. Even better, closing the browser doesn’t get rid of them! Better still? Doesn’t need to be bats, it could be spiders. Fun!

The bug has been fixed, but here’s how it worked: the Safari browser build for visionOS allowed a malicious website to fill the user’s 3D space with animated objects without interaction or permission. The code to trigger this is remarkably succinct, and is actually a new twist on an old feature: Apple AR Quick Look, an HTML-based feature for rendering 3D augmented reality content in Safari.

Leveraging this old feature is what lets an untrusted website launch an arbitrary number of animated 3D objects — complete with sound — into a user’s virtual space without any interaction from the user whatsoever. The icing on the cake is that Quick Look is a separate process, so closing Safari doesn’t get rid of the pests.

Providing immersive 3D via a web browser is a valuable way to deliver interactive content on both desktops and VR headsets; a good example is the fantastic virtual BBC Micro which uses WebXR. But on the Apple Vision Pro the user is always involved and there are privacy boundaries that corral such content. Things being launched into a user’s space in an interaction-free way is certainly not intended behavior.

The final interesting bit about this bug (or loophole) was that in a way, it defied easy classification and highlights a new sort of issue. While it seems obvious from a user experience and interface perspective that a random website spawning screeching crawlies into one’s personal space is not ideal, is this a denial-of-service issue? A privilege escalation that technically isn’t? It’s certainly unexpected behavior, but that doesn’t really capture the potential psychological impact such bugs can have. Perhaps the invasion of personal space and user boundaries will become a quantifiable aspect of bugs in these new platforms. What fun.

Photo Shows Real Spiders From Mars

A cornerstone of early 1970s rock music culture was the British singer David Bowie in his Ziggy Stardust persona, along with his backing band the Spiders from Mars. You can tell that the PR department at the European Space Agency were beside themselves with glee at the opportunity to reference them when their Mars Express spacecraft snapped a picture of some of the planet’s surface structures which bear a passing resemblance to Earth-bound spiders. We can’t blame them, we’d have done the same.

While these spiders are definitely not arachnid in origin, they are no less interesting. Over the Martian winter, layers of carbon dioxide ice form, which turn to gas under the influence of the Sun. This gas becomes trapped underneath layers of ice, until it builds up sufficient pressure to burst through and escape. In doing so it brings up dark dust which settles along fissures in the ice, leading to the spider-like patterns when viewed from orbit.

So no life on Mars then, at least as yet. But it’s an interesting observation, and another little piece in the puzzle of understanding our planetary neighbor, as well as an excuse for a classic rock earworm. Meanwhile, this isn’t the first time we’ve reported on the ESA Mars probes.

Dead Spider Becomes Robot Gripper: It’s Necrobotics!

Robot arms and grippers do important work every hour of every day. They’re used in production lines around the world, toiling virtually ceaselessly outside of their designated maintenance windows.

They’re typically built out of steel, and powered by brawny hydraulic systems. However, some scientists have gone for a smaller scale approach that may horrify the squeamish. They’ve figured out how to turn a dead spider into a useful robotic gripper.

The name of this new Frankensteinian field? Why, it’s necrobotics, of course!
