The Apple Vision Pro launched with a first-of-its-kind security flaw straight out of science fiction
We may earn a commission if you make a purchase from the links on this page.
This year Apple tried its hand at the XR (Extended Reality) industry. And though the price of its headset has drawn lots of ridicule, the Apple Vision Pro has also accomplished a multitude of firsts for the industry. Apparently one of these was a new kind of security exploit never seen before in any device.
The exploit apparently made it possible to figure out what a person was typing by, and this is pretty cool, tracking their eye movements. Yep, the same principle Apple’s headset uses to let you browse its visionOS could be turned against you with alarming accuracy.
According to the researchers who alerted Apple to this exploit, they were able to correctly guess a password within the first five tries 77 percent of the time. For text messages this number rose to 92 percent. This is the first time information has been able to be extracted from a user’s “gaze data”.
According to the researchers who alerted Apple to this exploit, they were able to correctly guess a password within the first five tries 77 percent of the time. For text messages this number rose to 92 percent. This is the first time information has been able to be extracted from a user’s “gaze data”.
I am 77 percent certain his password is password. | Video credit — Apple
The exploit didn’t require the researchers to hack into the Vision Pro either. Those personas that Vision Pro users can use to portray themselves online? They were the culprit. Apparently just by analyzing the eye movements on the personas it was possible to decipher what the user was typing.
Fortunately, the researchers claim this vulnerability wasn’t detected and exploited before they alerted Apple back in April. The company patched out the flaw in visionOS 1.3 near the end of July. I have no clue why Apple took that long, especially since the “fix” just disables the personas when a user is typing, but at least it’s patched now.
This exploit immediately reminded me of science fiction media where we see ridiculous concepts like enhancing an awfully blurry image or lip-reading from five miles away. Only this time it was actually real, perhaps a testament to the Vision Pro’s stellar eye tracking.
The Vision Pro is one of the best AR headsets currently available today but news like this reminds us that, when designing something novel, expect novel problems as well.
Fortunately, the researchers claim this vulnerability wasn’t detected and exploited before they alerted Apple back in April. The company patched out the flaw in visionOS 1.3 near the end of July. I have no clue why Apple took that long, especially since the “fix” just disables the personas when a user is typing, but at least it’s patched now.
This exploit immediately reminded me of science fiction media where we see ridiculous concepts like enhancing an awfully blurry image or lip-reading from five miles away. Only this time it was actually real, perhaps a testament to the Vision Pro’s stellar eye tracking.
The Vision Pro is one of the best AR headsets currently available today but news like this reminds us that, when designing something novel, expect novel problems as well.
![Verizon is down across the US, and no one knows when service will be back [UPDATED]](https://m-cdn.phonearena.com/images/article/173671-wide-two_350/Verizon-is-down-across-the-US-and-no-one-knows-when-service-will-be-back-UPDATED.webp)
![Some T-Mobile users need to restart their phones [UPDATED]](https://m-cdn.phonearena.com/images/article/173654-wide-two_350/Some-T-Mobile-users-need-to-restart-their-phones-UPDATED.webp)
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: