PT-2024-6869 · Visionos · Visionos

Hanqiu Wang +5 · Published 2024-07-29 · Updated 2024-09-26 · CVE-2024-40865

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 1.3

Description: The issue is related to the virtual keyboard in visionOS, where inputs may be inferred from Persona when the virtual keyboard is active. This could allow an attacker to determine what users are typing on the virtual keyboard by analyzing eye movements, compromising user privacy. The issue has been exploited in real-world attacks.

Recommendations: For visionOS versions prior to 1.3, the issue was addressed by suspending Persona when the virtual keyboard is active. To resolve the issue, update to visionOS 1.3. As a temporary workaround, consider disabling the virtual keyboard or restricting its use until the update is applied.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

BDU:2024-08092
CVE-2024-40865

Affected Products

Visionos