Since its dev kit release last Spring, the Microsoft HoloLens has managed to skate on by as a tool for app developers and businesses to gain a new perspective with mixed reality. Now marks another momentous occasion for the HoloLens, its first Patch Tuesday security update (via TechRepublic).
Yesterday’s large security release included over 50 fixes for vulnerabilities, including one for the Microsoft HoloLens. The flaw found in the mixed reality headset allowed cyberattackers access to the headset so much that they could take remote control of it.
According to the Security Update details page, Microsoft published the CVE-2017-8585 fix to address the flaw.
A remote code execution vulnerability exists when HoloLens improperly handles objects in memory. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.To exploit this vulnerability, an attacker would need to send a specially crafted WiFi packet.The update addresses the vulnerability by correcting how Hololens handles objects in memory.
Further reading: HoloLens, Microsoft, Mixed reality, Security update