Apple's Vision Pro has a way of showing the world a virtual version of you while you interact with others in virtual reality. Unfortunately, this very feature – called Persona – could've been used by hackers to steal a Vision Pro user's sensitive data.
The security flaw was discovered by a group of six computer scientists from the University of Florida's Department of Computer Science, and it was first reported on by Wired.
The GAZEploit attack, as it was dubbed by the researchers, works by tracking the eye movements of a user's Persona to identify when they're typing something on the Vision Pro's virtual keyboard. The researchers discovered that users tend to direct their gaze onto specific keys that they're about to click, and were able to construct an algorithm that identified what the users were typing. The results were quite accurate; for example, the researchers were able to identify the correct letters of users' passwords 77 percent of the time. When it came to detecting what people were typing in a message, the results were accurate 92 percent of the time.
The researchers disclosed the vulnerability to Apple back in April, and Apple fixed it in visionOS 1.3, which came out in July. In the release notes, Apple says that the flaw enabled inputs to the virtual keyboard to be inferred from Persona.
"The issue was addressed by suspending Persona when the virtual keyboard is active," Apple wrote in the release notes. Vision Pro users who haven't yet updated to the latest version are advised to do so as soon as possible.
Although disabling Persona while the user is typing was a pretty simple fix, the flaw does raise the question of just how much info a malicious hacker could infer by observing a virtual version of you.
The researchers said that the attack hasn't been used against someone using Personas in the real world. But what makes this attack particularly dangerous is that it only requires a video recording of someone's Persona while the person was typing, meaning an attacker could still use it on an older video. It seems that the only way to mitigate this issue is to erase any publicly available videos where your Persona is visible while typing; we've reached out to Apple for clarification on what can be done to protect your data.