Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed

by

As reported by WIRED today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, including passwords, PINs, and messages.

visionOS Virtual Keyboard
When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard. The researchers created a website with technical details about the so-called "GAZEploit" vulnerability.

In short, the researchers said that a person's gaze typically fixates on a key they are likely to press next, and this can reveal some common patterns. As a result, the researchers said they were able to identify the correct letters people typed in messages 92% of the time within five guesses, and 77% of the time for passwords.

dan persona vision pro
The researchers disclosed the vulnerability to Apple in April, according to the report, and the company addressed the issue in visionOS 1.3 in July. The update suspends Personas when the Vision Pro's virtual keyboard is active.

Apple added the following entry to its visionOS 1.3 security notes on September 5:

Presence

Available for: Apple Vision Pro

Impact: Inputs to the virtual keyboard may be inferred from Persona

Description: The issue was addressed by suspending Persona when the virtual keyboard is active.

CVE-2024-40865: Hanqiu Wang of University of Florida, Zihao Zhan of Texas Tech University, Haoqi Shan of Certik, Siqi Dai of University of Florida, Max Panoff of University of Florida, and Shuo Wang of University of Florida

The proof-of-concept attack was not exploited in the wild, according to the report. Nonetheless, Vision Pro users should immediately update the headset to visionOS 1.3 or later to ensure they are protected, now that the findings have been shared publicly.

Related Roundups: Apple Vision Pro, visionOS 2
Buyer's Guide: Vision Pro (Neutral)
Related Forum: Apple Vision Pro

Popular Stories

iphone 16 display

iPhone 17's Scratch Resistant Anti-Reflective Display Coating Canceled

Monday April 28, 2025 12:48 pm PDT by
Apple may have canceled the super scratch resistant anti-reflective display coating that it planned to use for the iPhone 17 Pro models, according to a source with reliable information that spoke to MacRumors. Last spring, Weibo leaker Instant Digital suggested Apple was working on a new anti-reflective display layer that was more scratch resistant than the Ceramic Shield. We haven't heard...
Read Full Article111 comments
apple watch ultra yellow

What's Next for the Apple Watch Ultra 3 and Apple Watch SE 3

Friday April 25, 2025 2:44 pm PDT by
This week marks the 10th anniversary of the Apple Watch, which launched on April 24, 2015. Yesterday, we recapped features rumored for the Apple Watch Series 11, but since 2015, the Apple Watch has also branched out into the Apple Watch Ultra and the Apple Watch SE, so we thought we'd take a look at what's next for those product lines, too. 2025 Apple Watch Ultra 3 Apple didn't update the...
Read Full Article65 comments
iPhone 17 Air Pastel Feature

iPhone 17 Reaches Key Milestone Ahead of Mass Production

Monday April 28, 2025 8:44 am PDT by
Apple has completed Engineering Validation Testing (EVT) for at least one iPhone 17 model, according to a paywalled preview of an upcoming DigiTimes report. iPhone 17 Air mockup based on rumored design The EVT stage involves Apple testing iPhone 17 prototypes to ensure the hardware works as expected. There are still DVT (Design Validation Test) and PVT (Production Validation Test) stages to...
Read Full Article27 comments
Beyond iPhone 13 Better Blue

20th Anniversary iPhone Likely to Be Made in China Due to 'Extraordinarily Complex' Design

Monday April 28, 2025 4:29 am PDT by
Apple will likely manufacture its 20th anniversary iPhone models in China, despite broader efforts to shift production to India, according to Bloomberg's Mark Gurman. In 2027, Apple is planning a "major shake-up" for the iPhone lineup to mark two decades since the original model launched. Gurman's previous reporting indicates the company will introduce a foldable iPhone alongside a "bold"...
Read Full Article122 comments
iPhone 17 Air Pastel Feature

iPhone 17 Air Launching Later This Year With These 16 New Features

Thursday April 24, 2025 8:24 am PDT by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device. Overall, the iPhone 17 Air sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
Read Full Article101 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article
iphone 17 air iphone 16 pro

iPhone 17 Air USB-C Port May Have This Unusual Design Quirk

Wednesday April 30, 2025 3:59 am PDT by
Apple is preparing to launch a dramatically thinner iPhone this September, and if recent leaks are anything to go by, the so-called iPhone 17 Air could boast one of the most radical design shifts in recent years. iPhone 17 Air dummy model alongside iPhone 16 Pro (credit: AppleTrack) At just 5.5mm thick (excluding a slightly raised camera bump), the 6.6-inch iPhone 17 Air is expected to become ...
Read Full Article120 comments

Top Rated Comments

justperry Avatar
justperry
8 months ago
So, five passwords were lost.?
Score: 16 Votes (Like | Disagree)
sw1tcher Avatar
sw1tcher
8 months ago

When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard.
Bet they can't analyze my eye movement and figure out what I'm typing
Score: 15 Votes (Like | Disagree)
sw1tcher Avatar
sw1tcher
8 months ago

Exactly this. This means they’re already in your house so you have bigger problems.
You do know that some people are using their Vision Pro outside of their home, right? And as more people buy the Vision Pro over time, you'll see more people using them away from home.

[MEDIA=twitter]1753839916948009316[/MEDIA]



Attachment Image

Attachment Image
Score: 13 Votes (Like | Disagree)
Blackstick Avatar
Blackstick
8 months ago
If baddies could get my password by watching the utterly low resolution of my eyeballs darting around in a Persona, more power to 'em.

By the way, $1900 used. So worth it.

Attachment Image
Score: 11 Votes (Like | Disagree)
4k78 Avatar
4k78
8 months ago
Typing on a virtual keyboard seems so ridiculous.
Score: 11 Votes (Like | Disagree)
Dawn of Individual Merit Avatar
Dawn of Individual Merit
8 months ago
> The proof-of-concept attack was not exploited in the wild, according to the report

Obviously.
There's only like, 17 people worldwide who're still using their AVP.
Score: 10 Votes (Like | Disagree)
Read All Comments