Apple Fixes Vision Pro Security Flaw That Could Expose What You Typed

As reported by WIRED today, a group of six computer scientists this year discovered a security vulnerability with the Apple Vision Pro that allowed them to reconstruct what people were typing, including passwords, PINs, and messages.

visionOS Virtual Keyboard
When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard. The researchers created a website with technical details about the so-called "GAZEploit" vulnerability.

In short, the researchers said that a person's gaze typically fixates on a key they are likely to press next, and this can reveal some common patterns. As a result, the researchers said they were able to identify the correct letters people typed in messages 92% of the time within five guesses, and 77% of the time for passwords.

dan persona vision pro
The researchers disclosed the vulnerability to Apple in April, according to the report, and the company addressed the issue in visionOS 1.3 in July. The update suspends Personas when the Vision Pro's virtual keyboard is active.

Apple added the following entry to its visionOS 1.3 security notes on September 5:

Presence

Available for: Apple Vision Pro

Impact: Inputs to the virtual keyboard may be inferred from Persona

Description: The issue was addressed by suspending Persona when the virtual keyboard is active.

CVE-2024-40865: Hanqiu Wang of University of Florida, Zihao Zhan of Texas Tech University, Haoqi Shan of Certik, Siqi Dai of University of Florida, Max Panoff of University of Florida, and Shuo Wang of University of Florida

The proof-of-concept attack was not exploited in the wild, according to the report. Nonetheless, Vision Pro users should immediately update the headset to visionOS 1.3 or later to ensure they are protected, now that the findings have been shared publicly.

Related Roundups: Apple Vision Pro, visionOS 2
Buyer's Guide: Vision Pro (Neutral)
Related Forum: Apple Vision Pro

Popular Stories

Apple Watch Ultra Night Mode Screen

Apple Watch Ultra 3 Launching Later This Year With Two Key Upgrades

Wednesday July 2, 2025 1:13 pm PDT by
The long wait for an Apple Watch Ultra 3 appears to be nearly over, and it is rumored to feature both satellite connectivity and 5G support. Apple Watch Ultra's existing Night Mode In his latest Power On newsletter, Bloomberg's Mark Gurman said that the Apple Watch Ultra 3 is on track to launch this year with "significant" new features, including satellite connectivity, which would let you...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 14 New Features

Friday July 4, 2025 1:05 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are just over two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:Apple logo repositioned: Apple's logo may have a lower position on the back of the iPhone 17 Pro models, compared to previous...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Max Battery Capacity Leaked

Thursday July 3, 2025 5:40 am PDT by
The iPhone 17 Pro Max will feature the biggest ever battery in an iPhone, according to the Weibo leaker known as "Instant Digital." In a new post, the leaker listed the battery capacities of the iPhone 11 Pro Max through to the iPhone 16 Pro Max, and added that the iPhone 17 Pro Max will feature a battery capacity of 5,000mAh: iPhone 11 Pro Max: 3,969mAh iPhone 12 Pro Max: 3,687mAh...
airpods pro 2

AirPods Pro 3 to Help Maintain Apple's Place in Earbud Market Amid Increasing Low-Cost Competition

Thursday July 3, 2025 7:25 am PDT by
Apple's position as the dominant force in the global true wireless stereo (TWS) earbud market is expected to continue through 2025, according to Counterpoint Research. The forecast outlines a 3% year-over-year increase in global TWS unit shipments for 2025, signaling a transition from rapid growth to a more mature phase for the category. While Apple is set to remain the leading brand by...
apple silicon mac lineup 2024 feature purple m5

Apple's Upcoming Macs Listed in New Report

Thursday July 3, 2025 9:09 am PDT by
AppleInsider's Marko Zivkovic today shared a list of alleged identifiers for future Mac models, which should roll out over the next year or so. The report does not reveal anything too surprising, but it does serve as further evidence that Apple is seemingly working on new models of every Mac, including the MacBook Air, MacBook Pro, iMac, Mac mini, Mac Studio, and Mac Pro. Apple is...
iPhone 17 Pro Lower Logo Magsafe

iPhone 17 Pro's New MagSafe Design Revealed in Leaked Photo

Wednesday July 2, 2025 8:37 am PDT by
The upcoming iPhone 17 Pro and iPhone 17 Pro Max are rumored to have a slightly different MagSafe magnet layout compared to existing iPhone models, and a leaked photo has offered a closer look at the supposed new design. The leaker Majin Bu today shared a photo of alleged MagSafe magnet arrays for third-party iPhone 17 Pro cases. On existing iPhone models with MagSafe, the magnets form a...

Top Rated Comments

justperry Avatar
11 months ago
So, five passwords were lost.?
Score: 16 Votes (Like | Disagree)
sw1tcher Avatar
11 months ago

When a Vision Pro user was using a virtual Persona avatar, such as during a FaceTime call, the researchers were able to analyze the Persona's eye movement or "gaze" to determine what the user was typing on the headset's virtual keyboard.
Bet they can't analyze my eye movement and figure out what I'm typing
Score: 15 Votes (Like | Disagree)
sw1tcher Avatar
11 months ago

Exactly this. This means they’re already in your house so you have bigger problems.
You do know that some people are using their Vision Pro outside of their home, right? And as more people buy the Vision Pro over time, you'll see more people using them away from home.

[MEDIA=twitter]1753839916948009316[/MEDIA]



Attachment Image

Attachment Image
Score: 13 Votes (Like | Disagree)
Blackstick Avatar
11 months ago
If baddies could get my password by watching the utterly low resolution of my eyeballs darting around in a Persona, more power to 'em.

By the way, $1900 used. So worth it.

Attachment Image
Score: 11 Votes (Like | Disagree)
4k78 Avatar
11 months ago
Typing on a virtual keyboard seems so ridiculous.
Score: 11 Votes (Like | Disagree)
Dawn of Individual Merit Avatar
11 months ago
> The proof-of-concept attack was not exploited in the wild, according to the report

Obviously.
There's only like, 17 people worldwide who're still using their AVP.
Score: 10 Votes (Like | Disagree)