Apple's Vision Pro has a way of showing the world a virtual version of you while you interact with others in virtual reality. Unfortunately, this very feature – called Persona – could've been used by hackers to steal a Vision Pro user's sensitive data.
The security flaw was discovered by a group of six computer scientists from the University of Florida's Department of Computer Science, and it was first reported on by Wired.
The GAZEploit attack, as it was dubbed by the researchers, works by tracking the eye movements of a user's Persona to identify when they're typing something on the Vision Pro's virtual keyboard. The researchers discovered that users tend to direct their gaze onto specific keys that they're about to click, and were able to construct an algorithm that identified what the users were typing. The results were quite accurate; for example, the researchers were able to identify the correct letters of users' passwords 77 percent of the time. When it came to detecting what people were typing in a message, the results were accurate 92 percent of the time.
The researchers disclosed the vulnerability to Apple back in April, and Apple fixed it in visionOS 1.3, which came out in July. In the release notes, Apple says that the flaw enabled inputs to the virtual keyboard to be inferred from Persona.
"The issue was addressed by suspending Persona when the virtual keyboard is active," Apple wrote in the release notes. Vision Pro users who haven't yet updated to the latest version are advised to do so as soon as possible.
Suspending Persona while the user is typing was a pretty simple fix, but the flaw does raise the question of just how much info a malicious hacker could infer just by observing a virtual version of you.
The researchers said that the attack hasn't been used against someone using Personas in the real world. But what makes this attack particularly dangerous is that it only requires a video recording of someone's Persona while the person was typing, meaning an attacker could still use it on an older video. It seems that the only way to mitigate this issue is to erase any publicly available videos where your Persona is visible while typing; we've reached out to Apple for clarification on what can be done to protect your data.