Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
iTunes account access has been disabled in settings of the video-calling software beta, which reportedly closes the security gap.
2 Min Read
Slideshow: 10 Killer Mac Applications
Slideshow: 10 Killer Mac Applications (click image for larger view and for full slideshow)
Apple appears to have addressed a security flaw in FaceTime for Mac beta by disabling the ability to view one's iTunes account settings in the video-calling software.
As of late Thursday, the View Account section of the software, accessible through Preferences, had been disabled, eliminating a vulnerability that had been widely reported earlier in the day. Apple did not respond to a request for comment Friday.
The German site MacNotes first reported the flaw, descriptions of which quickly spread across the web. The problem stemmed from the fact that FaceTime for Mac, released in beta on Wednesday, showed one's iTunes account settings in plain text without first asking for a password. The information revealed included username, ID, place and birth date, security question and the answer.
Using that information, a person or hacker, could change the account password and then use it for accessing the account. However, exploiting the flaw would have been difficult, given the fact that the hacker would have had to find an unattended system and have time to make the changes.
Nevertheless, the flaw appeared to be a careless oversight on Apple's part. "Whoever did the FaceTime product wasn't talking to the people handling the normal account security on the backend," H.D. Moore, chief security officer at Rapid7 and chief architect of Metasploit, told InformationWeek Metasploit is an open-source framework for discovering exploit techniques.
Because Apple's Mac OS X accounts for a relatively small slice of the global PC market, most malware developers have focused on the dominant Windows platform. However, as smartphones, tablet-style computers and other mobile devices replace PCs for accessing the Internet, then Apple products could become a more prominent target for hackers, experts say. Apple today has a leading smartphone and tablet in the iPhone and iPad, respectively.
FaceTime for Mac beta is the first iteration of Apple's move to expand the use of the video-calling software, which before Wednesday could only be used among iPhone 4 users. Non-Apple devices cannot use FaceTime.
SEE ALSO:
Apple FaceTime Mac Beta Ships With Pedestrian Security Flaw
About the Author(s)
You May Also Like
More Insights
Webinars
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
