Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed

by

As reported by WIRED today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, including passwords, PINs, and messages.

visionOS Virtual Keyboard
When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard. The researchers created a website with technical details about the so-called "GAZEploit" vulnerability.

In short, the researchers said that a person's gaze typically fixates on a key they are likely to press next, and this can reveal some common patterns. As a result, the researchers said they were able to identify the correct letters people typed in messages 92% of the time within five guesses, and 77% of the time for passwords.

dan persona vision pro
The researchers disclosed the vulnerability to Apple in April, according to the report, and the company addressed the issue in visionOS 1.3 in July. The update suspends Personas when the Vision Pro's virtual keyboard is active.

Apple added the following entry to its visionOS 1.3 security notes on September 5:

Presence

Available for: Apple Vision Pro

Impact: Inputs to the virtual keyboard may be inferred from Persona

Description: The issue was addressed by suspending Persona when the virtual keyboard is active.

CVE-2024-40865: Hanqiu Wang of University of Florida, Zihao Zhan of Texas Tech University, Haoqi Shan of Certik, Siqi Dai of University of Florida, Max Panoff of University of Florida, and Shuo Wang of University of Florida

The proof-of-concept attack was not exploited in the wild, according to the report. Nonetheless, Vision Pro users should immediately update the headset to visionOS 1.3 or later to ensure they are protected, now that the findings have been shared publicly.

Related Roundups: Apple Vision Pro, visionOS 2
Buyer's Guide: Vision Pro (Buy Now)
Related Forum: Apple Vision Pro

Popular Stories

Generic iOS 19 Feature Mock Light

iOS 19 Will Bring Biggest Design Overhaul Since iOS 7

Monday March 10, 2025 12:17 pm PDT by
Apple is planning for a major design overhaul of the iPhone, iPad, and Mac interfaces with the introduction of iOS 19, iPadOS 19, and macOS 16 later this year, reports Bloomberg. The update will "fundamentally change" the look of Apple's operating system, introducing a more consistent cross-platform experience. Apple plans to update the style of icons, menus, apps, windows, and system...
Read Full Article256 comments
ios 18 4 carplay

Apple Upgrades CarPlay in Two Ways

Wednesday March 12, 2025 6:05 am PDT by
The upcoming iOS 18.4 update for the iPhone includes a smaller but meaningful improvement for Apple's in-car iPhone mirroring system CarPlay. Specifically, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra with a...
Read Full Article49 comments
Apple One Apps Feature 2

Apple One's Best Plan Now Includes Two More Perks For Free

Monday March 10, 2025 6:40 am PDT by
Apple One allows you to subscribe to up to six Apple services for one discounted monthly price. There are three Apple One tiers: Individual, Family, and Premier. Over the last month, the highest-end ‌Apple One‌ Premier plan has gained two additional perks. Here is what Apple One Premier already included, for $37.95 per month:Apple Music Apple TV+ Apple Arcade Apple News+ Apple Fitness+...
Read Full Article64 comments
airpods pro 2 gradient

AirPods Pro 3 Launch Now Just Months Away: Here's What We Know

Tuesday March 11, 2025 3:26 am PDT by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
Read Full Article45 comments
iOS 18

12 New Things Your iPhone Can Do in iOS 18.4

Monday March 10, 2025 9:28 am PDT by
Apple is set to release iOS 18.4 in early April, bringing further refinements to Apple Intelligence features, a neat new capability to iPhone 15 Pro devices, new emoji, and more. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.4 still introduces enhancements that aim to make your iPhone smarter and more intuitive. Below, we've listed 12 new...
Read Full Article32 comments
iphone 17 mockups idevicehelp

Video Shows iPhone 17 Mockups Based on 'Internal Documents'

Monday March 10, 2025 4:41 am PDT by
YouTuber iDeviceHelp on Friday posted a video that shows off mockups of Apple's forthcoming iPhone 17 models that are purportedly based on "internal documents." We're sharing the video here since it was made in collaboration with leaker Majin Bu, who last month published similar iPhone 17 renders that were widely corroborated by separate leakers with links to Apple's Chinese supply chain....
Read Full Article90 comments
iOS 18

iOS 18.3.2 Update Coming Soon for iPhones

Monday March 10, 2025 7:25 am PDT by
Apple employees are internally testing iOS 18.3.2 for iPhones, according to our website's visitor logs, which have been a reliable indicator of upcoming iOS versions. The software update should be released in the next week or two. iOS 18.3.2 will be a minor update that addresses software bugs and/or security vulnerabilities. Don't expect any new features. iOS 18.3.2 will be an interim...
Read Full Article49 comments
Apple Maps vs Google Maps Feature

iOS 18.4 Adds a Highly-Requested Setting to iPhones — But Not in U.S.

Wednesday March 12, 2025 1:05 pm PDT by
iPhones are finally getting a much-requested setting, but availability is limited. The upcoming iOS 18.4 update introduces an option to set a default navigation app, other than Apple Maps, but unfortunately this new setting is limited to users in the EU. There, you can now set an app like Google Maps or Waze as your default navigation app on the iPhone by opening the Settings app and tapping ...
Read Full Article81 comments
iOS 18

Apple Releases iOS 18.3.2 With Bug Fixes

Tuesday March 11, 2025 10:33 am PDT by
Apple today released iOS 18.3.2 and iPadOS 18.3.2, minor updates for the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.3.2 and iOS 18.3.2 come a month after Apple released iOS 18.3.1 and iPadOS 18.3.1. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's release...
Read Full Article41 comments

Top Rated Comments

justperry Avatar
justperry
26 weeks ago
So, five passwords were lost.?
Score: 16 Votes (Like | Disagree)
sw1tcher Avatar
sw1tcher
26 weeks ago

When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard.
Bet they can't analyze my eye movement and figure out what I'm typing
Score: 15 Votes (Like | Disagree)
sw1tcher Avatar
sw1tcher
26 weeks ago

Exactly this. This means they’re already in your house so you have bigger problems.
You do know that some people are using their Vision Pro outside of their home, right? And as more people buy the Vision Pro over time, you'll see more people using them away from home.

[MEDIA=twitter]1753839916948009316[/MEDIA]



Attachment Image

Attachment Image
Score: 13 Votes (Like | Disagree)
Blackstick Avatar
Blackstick
26 weeks ago
If baddies could get my password by watching the utterly low resolution of my eyeballs darting around in a Persona, more power to 'em.

By the way, $1900 used. So worth it.

Attachment Image
Score: 11 Votes (Like | Disagree)
4k78 Avatar
4k78
26 weeks ago
Typing on a virtual keyboard seems so ridiculous.
Score: 11 Votes (Like | Disagree)
Dawn of Individual Merit Avatar
Dawn of Individual Merit
26 weeks ago
> The proof-of-concept attack was not exploited in the wild, according to the report

Obviously.
There's only like, 17 people worldwide who're still using their AVP.
Score: 10 Votes (Like | Disagree)
Read All Comments