The Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.
  • @[email protected]English
    227 days ago

    That should be an easy fix in a future software update by simply not replicating eye movement as soon as the user is looking at the keyboard.

    • @[email protected]English
      67 days ago

      Sounds like what they already did: as soon as the virtual keyboard pops up the eye movement isn’t transmitted as part of the avatar.

      • @[email protected]English
        57 days ago

        Oh I see. According to the article:

        The GAZEpolit researchers reported their findings to Apple in April and subsequently sent the company their proof-of-concept code so the attack could be replicated. Apple fixed the flaw in a Vision Pro software update at the end of July, which stops the sharing of a Persona if someone is using the virtual keyboard.

        An Apple spokesperson confirmed the company fixed the vulnerability, saying it was addressed in VisionOS 1.3.