### Key Information

#### visionOS 1.2

- **Release Date**: June 10, 2024
- **Affected Devices**: Apple Vision Pro

#### Vulnerability Overview

| Component | CVE-ID | Impact | Description | Discoverer/Fixer |
|-----------|--------|--------|-------------|------------------|
| AVEVideoEncoder | CVE-2024-40771 | Applications may be able to execute arbitrary code with kernel privileges | Fixed by improving memory handling. | An anonymous researcher |
| CoreMedia | CVE-2024-27817 | Applications may be able to execute arbitrary code with kernel privileges | Fixed by improving checks. | Ant Security Light-Year Lab, pattern-f (@pattern_F_) |
| CoreMedia | CVE-2024-27831 | Processing files may lead to unexpected application termination or arbitrary code execution | Fixed out-of-bounds write issue by improving input validation. | Amir Bazine and Karsten König of CrowdStrike Counter Adversary Operations |
| Disk Images | CVE-2024-27832 | Applications may be able to escalate privileges | Fixed by improving checks. | An anonymous researcher |
| ... | ... | ... | ... | ... |

#### Additional Information

- Apple references vulnerabilities on the security updates page using CVE-ID whenever possible.
- For more information on security, please refer to the Apple Product Security page.
- This document was last updated on January 15, 2025.