GAZEploit: Remote keystroke inference attack by gaze estimation in VR/MR devices

Researchers developed the GAZEploit attack in two parts: first, analyzing the gaze behavior of users typing on a virtual keyboard while wearing a Vision Pro headset, and second, using geometric calculations to determine the position and size of the virtual keyboard. By combining the two, they were able to predict typed letters, including passwords and PINs, with high accuracy. The method, which Apple has since patched, highlights the security risks of eye-tracking technology. Because the attack is realistic and can extract sensitive information, it is a significant vulnerability, even though it has not been exploited in real-world scenarios.

https://www.wired.com/story/apple-vision-pro-persona-eye-tracking-spy-typing/
