As of late Thursday, the View Account section of the software, accessible through Preferences, had been disabled, eliminating a vulnerability that had been widely reported earlier in the day. Apple did not respond to a request for comment Friday.
The German site MacNotes first reported the flaw, descriptions of which quickly spread across the web. The problem stemmed from the fact that FaceTime for Mac, released in beta on Wednesday, showed one's iTunes account settings in plain text without first asking for a password. The information revealed included username, ID, place and birth date, security question and the answer.
Using that information, a person or hacker, could change the account password and then use it for accessing the account. However, exploiting the flaw would have been difficult, given the fact that the hacker would have had to find an unattended system and have time to make the changes.
Nevertheless, the flaw appeared to be a careless oversight on Apple's part. "Whoever did the FaceTime product wasn't talking to the people handling the normal account security on the backend," H.D. Moore, chief security officer at Rapid7 and chief architect of Metasploit, told InformationWeek Metasploit is an open-source framework for discovering exploit techniques.
Because Apple's Mac OS X accounts for a relatively small slice of the global PC market, most malware developers have focused on the dominant Windows platform. However, as smartphones, tablet-style computers and other mobile devices replace PCs for accessing the Internet, then Apple products could become a more prominent target for hackers, experts say. Apple today has a leading smartphone and tablet in the iPhone and iPad, respectively.
FaceTime for Mac beta is the first iteration of Apple's move to expand the use of the video-calling software, which before Wednesday could only be used among iPhone 4 users. Non-Apple devices cannot use FaceTime.