OverviewTl;Dr - I found a bug in visionOS Safari that allows a malicious website to bypass all warnings and forcefully fill your room with an arbitrary number of animated 3D objects (CVE-2024-27812). These objects persist in your space even after you exit Safari. I reported this bug to Apple in February 2024 and they fixed it in June and awarded me a bounty.DisclaimerBefore we jump in, I want to set the stage - this is not a long, complicated, kill-chain write-up like my previous posts. This is ...