Pages: [1]   Go Down
  Print  
Author Topic: Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed  (Read 103 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: September 14, 2024, 04:05:09 pm »

Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed

As reported by WIRED today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, including passwords, PINs, and messages.



" width="1622" height="910" class="aligncenter size-full wp-image-898918

When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard. The researchers created a website with technical details about the so-called "GAZEploit" vulnerability.



In short, the researchers said that a person's gaze typically fixates on a key they are likely to press next, and this can reveal some common patterns. As a result, the researchers said they were able to identify the correct letters people typed in messages 92% of the time within five guesses, and 77% of the time for passwords.



" width="2000" height="1125" class="aligncenter size-full wp-image-934314

The researchers disclosed the vulnerability to Apple in April, according to the report, and the company addressed the issue in visionOS 1.3 in July. The update suspends Personas when the Vision Pro's virtual keyboard is active.



Apple added the following entry to its visionOS 1.3 security notes on September 5:



<strong>Presence</strong>



Available for: Apple Vision Pro



Impact: Inputs to the virtual keyboard may be inferred from Persona



Description: The issue was addressed by suspending Persona when the virtual keyboard is active.



CVE-2024-40865: Hanqiu Wang of University of Florida, Zihao Zhan of Texas Tech University, Haoqi Shan of Certik, Siqi Dai of University of Florida, Max Panoff of University of Florida, and Shuo Wang of University of Florida
The proof-of-concept attack was not exploited in the wild, according to the report. Nonetheless, Vision Pro users should immediately update the headset to visionOS 1.3 or later to ensure they are protected, now that the findings have been shared publicly.<div class="linkback">Related Roundups: Apple Vision Pro, visionOS, visionOS 2</div><div class="linkback">Buyer's Guide: Vision Pro (Buy Now)</div><div class="linkback">Related Forum: Apple Vision Pro</div>
This article, &quot;Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed&quot; first appeared on MacRumors.com

Discuss this article in our forums



Source: Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: