SecurityWeek
Apple Patches Vision Pro Vulnerability to Prevent GAZEploit Attacks

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.


Apple has released a patch for its Vision Pro mixed reality headset after researchers showed how an attacker could obtain data typed by a user by tracking their eyes. 

One of the ways Vision Pro users can type is by using a virtual keyboard and looking at each of the keys they want to press. 

Researchers from the University of Florida and Texas Tech University have demonstrated an attack method, dubbed GAZEploit, that can be used to infer what a Vision Pro user is typing by tracking the eye movement of their avatar. 

The avatar, which Apple calls a Persona, is a lifelike representation of the user’s face and hand movements within the Vision Pro environment. It is how others see the user during video calls, meetings and live streams.

The researchers found that an analysis of the avatar’s eye movements while the user is typing with their gaze can be used to reconstruct the keys they press on the Vision Pro virtual keyboard.

The GAZEploit attack was tested on data collected from 30 individuals, and the researchers achieved significant accuracy when users typed messages, passwords, URLs, emails, and passcodes (PINs).

“During gaze typing, users’ gazes shift between keys and fixate on the key to be clicked, resulting in saccades followed by fixations. Saccades refer to the period when users move their gaze rapidly from one object to another. Fixations refer to the period when users stare at an object,” the researchers explained.

“We developed an algorithm that calculates the stability of the gaze trace and sets a threshold to classify fixations from saccades. We use the gaze estimation points in these high stability regions as click candidates. Evaluation on our dataset shows precision and recall rate of 85.9% and 96.8% on identifying keystrokes within typing sessions,” they added.


Apple said the vulnerability, which it tracks as CVE-2024-40865, has been patched with the release of visionOS 1.3. The security advisory for visionOS 1.3 was published in late July, but it was updated by Apple on September 5 to include CVE-2024-40865. 

Apple has addressed the issue by suspending Persona when the virtual keyboard is active.
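The fixation-versus-saccade step the researchers describe, and the Persona suspension Apple used to close the leak, as an added Python example (not code from the article, the GAZEploit authors or Apple). The dispersion-threshold rule, its constants and the gaze trace are constructed assumptions standing in for the researchers' own stability metric.

```python
def fixations(samples, max_dispersion=0.02, min_duration_ms=100):
    """Dispersion-threshold fixation detector (assumed stand-in for the
    researchers' stability metric). samples are (t_ms, x, y) tuples in
    normalised screen units. A run of consecutive samples whose x-range
    plus y-range stays within max_dispersion for at least min_duration_ms
    is a fixation; its centroid is a click candidate. Anything between
    fixations is treated as a saccade and discarded."""
    out, i = [], 0
    while i < len(samples):
        j = i
        xs, ys = [samples[i][1]], [samples[i][2]]
        while j + 1 < len(samples):
            nx, ny = samples[j + 1][1], samples[j + 1][2]
            spread = (max(xs + [nx]) - min(xs + [nx])) + \
                     (max(ys + [ny]) - min(ys + [ny]))
            if spread > max_dispersion:
                break
            xs.append(nx)
            ys.append(ny)
            j += 1
        if samples[j][0] - samples[i][0] >= min_duration_ms:
            out.append((sum(xs) / len(xs), sum(ys) / len(ys)))
            i = j + 1
        else:
            i += 1  # too short for a fixation: part of a saccade
    return out


def avatar_eye_stream(samples, keyboard_active):
    """Mitigation modelled on the fix the article describes: while the
    virtual keyboard is active the Persona is suspended, so observers get
    no eye data at all. Otherwise the trace is forwarded unchanged."""
    return [] if keyboard_active else list(samples)


def constructed_trace():
    """Constructed gaze trace at 10 ms sampling: three 150 ms fixations
    (three 'key presses') separated by 30 ms saccades."""
    trace, t = [], 0
    for px, py in [(0.20, 0.50), (0.60, 0.50), (0.40, 0.70)]:
        for k in range(15):  # fixation on a key, with slight jitter
            trace.append((t, px + 0.002 * (k % 2), py - 0.002 * (k % 2)))
            t += 10
        for k in range(3):   # fast sweep away from the key
            trace.append((t, px + 0.1 * (k + 1), py))
            t += 10
    return trace


if __name__ == "__main__":
    trace = constructed_trace()
    print("keyboard hidden:", fixations(avatar_eye_stream(trace, False)))
    print("keyboard active:", fixations(avatar_eye_stream(trace, True)))
```

With the keyboard hidden the three click candidates are recovered from the forwarded trace; with it active the avatar stream is empty and nothing can be classified.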

This is not the first Vision Pro hack. A researcher showed recently how an attacker could have generated arbitrary objects in a room — specifically bats and spiders — simply by getting the user to visit a website. 


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
