Apple's Vision Pro has a way of showing the world a virtual version of you while you interact with others in virtual reality. Unfortunately, this very feature – called Persona – could've been used by hackers to steal a Vision Pro user's sensitive data.
The security flaw was discovered by a group of six computer scientists from the University of Florida's Department of Computer Science, and it was first reported on by Wired.
The GAZEploit attack, as it was dubbed by the researchers, works by tracking the eye movements of a user's Persona to identify when they're typing something on the Vision Pro's virtual keyboard. The researchers discovered that users tend to direct their gaze onto specific keys that they're about to click, and were able to construct an algorithm that identified what the users were typing. The results were quite accurate; for example, the researchers were able to identify the correct letters of users' passwords 77 percent of the time. When it came to detecting what people were typing in a message, the results were accurate 92 percent of the time.
The researchers disclosed the vulnerability to Apple back in April, and Apple fixed it in visionOS 1.3, which came out in July. In the release notes, Apple says that the flaw enabled inputs to the virtual keyboard to be inferred from Persona.
"The issue was addressed by suspending Persona when the virtual keyboard is active," Apple wrote in the release notes. Vision Pro users who haven't yet updated to the latest version are advised to do so as soon as possible.
While suspending Persona while the user is typing was a pretty simple fix, the flaw does raise the question of just how much info a malicious hacker could infer just by observing a virtual version of you.
The researchers said that the attack hasn't been used against someone using Personas in the real world. But what makes this attack particularly dangerous is that it only requires a video recording of someone's Persona while the person was typing, meaning an attacker could still use it on an older video. It seems that the only way to mitigate this issue is to erase any publicly available videos where your Persona is visible while typing; we've reached out to Apple for clarification on what can be done to protect your data.