Security News > 2024 > September > Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers
2024-09-13 13:51

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard. The attack, dubbed GAZEploit, has been assigned the CVE identifier CVE-2024-40865. "A novel attack that can infer eye-related biometrics from the avatar image to


News URL

https://thehackernews.com/2024/09/apple-vision-pro-vulnerability-exposed.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-09-06 CVE-2024-40865 Unspecified vulnerability in Apple Visionos 1.0.2/1.1/1.2
The issue was addressed by suspending Persona when the virtual keyboard is active.
network
low complexity
apple
5.3
5.3

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apple 138 584 4213 1628 2414 8839