|
Title: Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed Post by: HCK on September 14, 2024, 04:05:09 pm Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed
As reported by WIRED (https://www.wired.com/story/apple-vision-pro-persona-eye-tracking-spy-typing/) today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, including passwords, PINs, and messages. (https://images.macrumors.com/article-new/2023/06/visionOS-Virtual-Keyboard.jpg) When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard. The researchers created a website with technical details about the so-called "GAZEploit" (https://sites.google.com/view/Gazeploit/) vulnerability. In short, the researchers said that a person's gaze typically fixates on a key they are likely to press next, and this can reveal some common patterns. As a result, the researchers said they were able to identify the correct letters people typed in messages 92% of the time within five guesses, and 77% of the time for passwords. (https://images.macrumors.com/article-new/2024/02/dan-persona-vision-pro.jpg) The researchers disclosed the vulnerability to Apple in April, according to the report, and the company addressed the issue in visionOS 1.3 in July. The update suspends Personas when the Vision Pro's virtual keyboard is active. Apple added the following entry to its visionOS 1.3 security notes (https://support.apple.com/en-us/120915) on September 5: <strong>Presence</strong>The proof-of-concept attack was not exploited in the wild, according to the report. Nonetheless, Vision Pro users should immediately update the headset to visionOS 1.3 or later to ensure they are protected, now that the findings have been shared publicly.<div class="linkback">Related Roundups: Apple Vision Pro (https://www.macrumors.com/roundup/apple-vision-pro/), visionOS (https://www.macrumors.com/roundup/visionos/), visionOS 2 (https://www.macrumors.com/roundup/visionos-2/)</div><div class="linkback">Buyer's Guide: Vision Pro (Buy Now) (https://buyersguide.macrumors.com/#AppleVisionPro)</div><div class="linkback">Related Forum: Apple Vision Pro (https://forums.macrumors.com/forums/apple-vision-pro.209)</div> This article, "Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed (https://www.macrumors.com/2024/09/12/vision-pro-persona-typing-security-vulnerability/)" first appeared on MacRumors.com (https://www.macrumors.com) Discuss this article (https://forums.macrumors.com/threads/apple-fixes-vision-pro-security-flaw-that-could-expose-what-you-typed.2436088/) in our forums Source: Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed (https://www.macrumors.com/2024/09/12/vision-pro-persona-typing-security-vulnerability/) |