
Apple Closes FaceTime For Mac Security Hole

iTunes account access has been disabled in settings of the video-calling software beta, which reportedly closes the security gap.
Apple appears to have addressed a security flaw in FaceTime for Mac beta by disabling the ability to view one's iTunes account settings in the video-calling software.

As of late Thursday, the View Account section of the software, accessible through Preferences, had been disabled, eliminating a vulnerability that had been widely reported earlier in the day. Apple did not respond to a request for comment Friday.

The German site MacNotes first reported the flaw, descriptions of which quickly spread across the web. The problem stemmed from the fact that FaceTime for Mac, released in beta on Wednesday, showed one's iTunes account settings in plain text without first asking for a password. The information revealed included username, ID, place and birth date, security question and the answer.

Using that information, a person or hacker could change the account password and then use it to access the account. However, exploiting the flaw would have been difficult, given that the hacker would have had to find an unattended system and have time to make the changes.

Nevertheless, the flaw appeared to be a careless oversight on Apple's part. "Whoever did the FaceTime product wasn't talking to the people handling the normal account security on the backend," H.D. Moore, chief security officer at Rapid7 and chief architect of Metasploit, told InformationWeek. Metasploit is an open-source framework for discovering exploit techniques.

Because Apple's Mac OS X accounts for a relatively small slice of the global PC market, most malware developers have focused on the dominant Windows platform. However, as smartphones, tablet-style computers and other mobile devices replace PCs for accessing the Internet, Apple products could become a more prominent target for hackers, experts say. Apple today has a leading smartphone and tablet in the iPhone and iPad, respectively.

FaceTime for Mac beta is the first iteration of Apple's move to expand the use of the video-calling software, which before Wednesday could only be used among iPhone 4 users. Non-Apple devices cannot use FaceTime.
