Title

Apple visionOS 2 must disable copy/paste of data from managed to unmanaged applications. (Cat II impact)

Discussion

If a user can configure the security setting, the user could inadvertently or maliciously set it to a value that poses unacceptable risk to DOD information systems. An adversary could exploit vulnerabilities created by the weaker configuration to compromise DOD sensitive information. SFR ID: FMT_SMF.1.1 #47

Check Content

Note: If an organization has multiple configuration profiles, the check procedure must be performed on the relevant configuration profiles applicable to the scope of the review. In the visionOS management tool, verify "Require managed pasteboard" is set to "True". If "Require managed pasteboard" is not set to "True", this is a finding.

Fix Text

Configure the Apple visionOS configuration profile to disable copy/paste of data from managed to unmanaged applications. The procedure for implementing this control will vary depending on the MDM/EMM used by the mobile service provider. In the MDM console, set "Require managed pasteboard" to "True".

Additional Identifiers

Rule ID: SV-276412r1146732_rule

Vulnerability ID: V-276412

Group Title: PP-MDF-993300

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.