Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed

by

As reported by WIRED today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, including passwords, PINs, and messages.

visionOS Virtual Keyboard
When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard. The researchers created a website with technical details about the so-called "GAZEploit" vulnerability.

In short, the researchers said that a person's gaze typically fixates on a key they are likely to press next, and this can reveal some common patterns. As a result, the researchers said they were able to identify the correct letters people typed in messages 92% of the time within five guesses, and 77% of the time for passwords.

dan persona vision pro
The researchers disclosed the vulnerability to Apple in April, according to the report, and the company addressed the issue in visionOS 1.3 in July. The update suspends Personas when the Vision Pro's virtual keyboard is active.

Apple added the following entry to its visionOS 1.3 security notes on September 5:

Presence

Available for: Apple Vision Pro

Impact: Inputs to the virtual keyboard may be inferred from Persona

Description: The issue was addressed by suspending Persona when the virtual keyboard is active.

CVE-2024-40865: Hanqiu Wang of University of Florida, Zihao Zhan of Texas Tech University, Haoqi Shan of Certik, Siqi Dai of University of Florida, Max Panoff of University of Florida, and Shuo Wang of University of Florida

The proof-of-concept attack was not exploited in the wild, according to the report. Nonetheless, Vision Pro users should immediately update the headset to visionOS 1.3 or later to ensure they are protected, now that the findings have been shared publicly.

Related Roundups: Apple Vision Pro, visionOS 2
Buyer's Guide: Vision Pro (Neutral)
Related Forum: Apple Vision Pro

Popular Stories

AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Friday April 18, 2025 5:16 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article99 comments
iphone 17 air dummy unbox therapy

iPhone 17 Air's Extreme Thinness Demoed in New Video

Tuesday April 22, 2025 10:22 am PDT by
Apple plans to release an all-new super thin iPhone this year, debuting it alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. We've seen pictures of dummy models, cases, and renders with the design, but Lewis Hilsenteger of Unbox Therapy today showed off newer dummy models that give us a better idea of just how thin the "iPhone 17 Air" will be. The iPhone 17 Air is expected to be ...
Read Full Article156 comments
ipad air windows 11 arm

M2 iPad Air Runs Windows 11 ARM via Emulation, Thanks to EU Rules

Tuesday April 22, 2025 5:01 am PDT by
A developer has demonstrated Windows 11 ARM running on an M2 iPad Air using emulation, which has become much easier since the EU's Digital Markets Act (DMA) regulations came into effect. As spotted by Windows Latest, NTDev shared an instance of the emulation on social media and posted a video on YouTube (embedded below) demonstrating it in action. The achievement relies on new EU regulatory...
Read Full Article96 comments
iOS 18

iOS 18.5 Includes Only a Few Changes So Far

Monday April 21, 2025 11:00 am PDT by
Apple seeded the third beta of iOS 18.5 to developers today, and so far the software update includes only a few minor changes. The changes are in the Mail and Settings apps. In the Mail app, you can now easily turn off contact photos directly within the app, by tapping on the circle with three dots in the top-right corner. In the Settings app, AppleCare+ coverage information is more...
Read Full Article91 comments
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday April 17, 2025 4:12 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
Read Full Article105 comments
iphone 17 pro majin bu sky blue

iPhone 17 Pro Allegedly Coming in Sky Blue Color Used for MacBook Air

Tuesday April 22, 2025 4:08 am PDT by
Apple will unveil the iPhone 17 Pro in a new Sky Blue color, the same color that debuted on the latest M4 MacBook Air models Apple released in March. That's according to the leaker Majin Bu. Concept mockup from Majin Bu Writing on his website, Bu claims that "sources close to the supply chain confirm that several iPhone 17 Pro prototypes have been made in various colors, with Sky Blue...
Read Full Article75 comments
maxresdefault

iPhone 17 Pro Launching Later This Year With These 12 New Features

Sunday April 13, 2025 7:52 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Subscribe to the MacRumors YouTube channel for more videos. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and ...
Read Full Article143 comments

Top Rated Comments

justperry Avatar
justperry
8 months ago
So, five passwords were lost.?
Score: 16 Votes (Like | Disagree)
sw1tcher Avatar
sw1tcher
8 months ago

When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard.
Bet they can't analyze my eye movement and figure out what I'm typing
Score: 15 Votes (Like | Disagree)
sw1tcher Avatar
sw1tcher
8 months ago

Exactly this. This means they’re already in your house so you have bigger problems.
You do know that some people are using their Vision Pro outside of their home, right? And as more people buy the Vision Pro over time, you'll see more people using them away from home.

[MEDIA=twitter]1753839916948009316[/MEDIA]



Attachment Image

Attachment Image
Score: 13 Votes (Like | Disagree)
Blackstick Avatar
Blackstick
8 months ago
If baddies could get my password by watching the utterly low resolution of my eyeballs darting around in a Persona, more power to 'em.

By the way, $1900 used. So worth it.

Attachment Image
Score: 11 Votes (Like | Disagree)
4k78 Avatar
4k78
8 months ago
Typing on a virtual keyboard seems so ridiculous.
Score: 11 Votes (Like | Disagree)
Dawn of Individual Merit Avatar
Dawn of Individual Merit
8 months ago
> The proof-of-concept attack was not exploited in the wild, according to the report

Obviously.
There's only like, 17 people worldwide who're still using their AVP.
Score: 10 Votes (Like | Disagree)
Read All Comments