FaceTime for Mac Has a Nasty Security Hole (Update)

Yesterday, Apple rolled out the previously iPhone- and iPod Touch-only FaceTime videochat software to Mac computer users; however, as the German blog MacNotes has discovered, the current beta version of FaceTime for Mac has a security hole that could leave some users’ Apple ID accounts compromised. Given that this could be used by an interloper to change the FaceTime user’s password, locking them out of their own Apple account, as well as make purchases from the iTunes store, this is cause for concern.

Recommended Videos

Update, 10/22: It’s been fixed.

MacNotes:

We started having a closer look at the settings when Gernot pointed us at some issues: Once you’ve logged into FaceTime you can have a look at all the account settings of the used Apple ID. Username, ID, place and birth date are shown as well as the security question and the answer to it — in plain text, without another password request.

Another issue happens while logging out: When you choose “Log Out” from the top menu, the password remains in the password field, even when restarting the application. That shouldn’t be the case tho: Applications should remove passwords from the password field as soon as the application is closed.

TUAW is snarkily dismissive of these concerns: “In related security news, cash registers left unattended with their drawers open are likely to be robbed and cars left running with the doors unlocked are likely to be stolen … any miscreant who has physical access to your computer is a potential security threat.” Their point is well taken — giving others access to your computer when you’re logged into various online programs and sites is usually a bad idea — but the security procedures that are missing are pretty standard online, and with good reason, rooted in bad experiences past. There’s no reason for Apple not to add another password entry speed bump and to clear the FaceTime password from the password entry field after users log out.

Fortunately, this is only day one of FaceTime for Mac, and most of the people who’ve already tried it out are likely tech-savvy Apple power users: Indeed, the point of releasing an early beta before handing the program over to the masses is to detect bugs like this early. This doesn’t seem like it’ll be particularly difficult for Apple to fix, but it’s bad enough that they should get on it pronto.

(MacNotes via MacRumors)


The Mary Sue is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more
related content
Read Article ChatGPT Voice That Sounds Like Scarlett Johansson in ‘Her’ Shut Down Following Backlash
joaquin phoenix wearing glasses with a mustache in her
Read Article Surprising No One, All 3,878 of Elon Musk’s Cybertrucks Are Being Recalled
Elon Musk during a T-Mobile and SpaceX event
Read Article ‘Mamma Mia!’ Star Sara Poyzer Says a BBC Production Replaced Her With AI
Sara Poyzer performs at the Magic at the Musicals event in 2019
Read Article In Moment of Unbelievable Irony, Midjourney Accuses Stability AI of Image Theft
Spider-Man pointing at another Spider-Man, who is pointing back.
Read Article Elon Musk May Be the Lesser of Two Evils in This Legal Battle With OpenAI
Elon Musk at the 2022 Met Gala
Related Content
Read Article ChatGPT Voice That Sounds Like Scarlett Johansson in ‘Her’ Shut Down Following Backlash
joaquin phoenix wearing glasses with a mustache in her
Read Article Surprising No One, All 3,878 of Elon Musk’s Cybertrucks Are Being Recalled
Elon Musk during a T-Mobile and SpaceX event
Read Article ‘Mamma Mia!’ Star Sara Poyzer Says a BBC Production Replaced Her With AI
Sara Poyzer performs at the Magic at the Musicals event in 2019
Read Article In Moment of Unbelievable Irony, Midjourney Accuses Stability AI of Image Theft
Spider-Man pointing at another Spider-Man, who is pointing back.
Read Article Elon Musk May Be the Lesser of Two Evils in This Legal Battle With OpenAI
Elon Musk at the 2022 Met Gala