Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed
As reported by WIRED today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, including passwords, PINs, and messages. When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona’s eye movement or “gaze” to determine what the user was typing on the headset’s virtual keyboard. The researchers created a website with technical details about the so-called “GAZEploit” vulnerability. In short, the researchers said that a person’s gaze typically fixates on a key they are likely to press next, and this can reveal some common patterns. As a result, the researchers said they were able to identify the correct letters people typed in messages 92% of the time within five guesses, and 77% of the time for passwords. The researchers disclosed the vulnerability to Apple in April, according to the report, and the company addressed the issue in visionOS 1.3 in July. The update …