Apple Vision Pro Vulnerability Exposed, 23andMe Agrees to $30 Million Settlement Over Data Breach: Your Cybersecurity Roundup
Apple Vision Pro Vulnerability Exposed User Privacy
A critical vulnerability in Apple’s Vision Pro headset could have allowed attackers to infer sensitive information by analyzing users’ eye movements. The flaw, known as GAZEploit, was exploited by researchers to reconstruct text entered via gaze-controlled typing.
Apple has since addressed the issue in visionOS 1.3, but the vulnerability highlights the potential risks associated with emerging technologies and the importance of robust security measures.
The researchers demonstrated how an attacker could capture and analyze virtual avatar videos to remotely infer keystrokes, potentially compromising user privacy. This attack could be used to extract sensitive information like passwords or other confidential data.
While Apple has mitigated the vulnerability, organizations and individuals using the Vision Pro headset should remain vigilant and ensure they have the latest software updates installed to protect against potential threats.
23andMe Agrees to $30 Million Settlement Over Data Breach
DNA testing giant 23andMe has agreed to pay a $30 million settlement to resolve a class-action lawsuit stemming from a data breach that exposed the personal information of millions of customers.
The breach, which occurred in 2023, involved hackers gaining access to customer accounts through credential stuffing attacks. 23andMe has admitted that the data of 6.4 million U.S. residents was compromised during the incident.
As part of the settlement, 23andMe will implement enhanced security measures to prevent future breaches and provide cash payments to affected customers. The company will also be required to undergo regular cybersecurity audits and update its employee training programs.
This settlement highlights the importance of strong data security practices for companies handling sensitive personal information.
Over 1 Million Android Streaming Devices Infected with Vo1d Malware
Over 1.3 million Android-based streaming devices have fallen victim to a large-scale malware campaign, according to cybersecurity researchers. The malware, named Vo1d, gives attackers full control over infected devices, posing serious risks to users’ privacy and security.
The campaign primarily targets low-cost TV streaming boxes running outdated versions of the Android Open Source Project (AOSP) operating system. Some of the most affected countries include Brazil, Morocco, Pakistan, Saudi Arabia, and Russia. Once the malware infects a device, it alters crucial system files, ensuring its persistence by launching automatically upon boot. Hidden in the files “wd” and “vo1d,” the malware uses one component to control the other, downloading executables when instructed by a command-and-control server and monitoring certain directories to install discovered APK files.
Researchers at Dr.Web suggest that outdated software vulnerabilities may be exploited by Vo1d to gain root privileges on affected devices. Additionally, unofficial firmware versions with pre-installed root access could serve as another potential infection vector.
To mitigate the risk, it is recommended that users keep their streaming device software up to date, disconnect devices from the internet if they suspect remote exploitation, and avoid installing APK files from untrusted third-party sources. Notably, Google has clarified that devices affected by Vo1d malware do not run Android TV but instead use the AOSP platform, which lacks Play Protect certification—a security program by Google that ensures the safety and quality of devices.
