Apple Apologizes About FaceTime Bug, Software Update With Fix Delayed Until Next Week

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,463
8,522




Apple issued the following statement to MacRumors today in which it apologized for a major FaceTime eavesdropping bug:
"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.

"We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us."
Widely publicized on Monday, the FaceTime bug allowed one person to call another person via FaceTime, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.

We demonstrated the bug in a video earlier this week.


Apple disabled Group FaceTime as a temporary server-side solution, preventing the bug from working any longer. Apple is also working on a software update with a permanent fix that it originally said would be available this week, but it has been delayed until next week, according to Apple's statement.

Apple thanked the Thompson family for reporting the bug--supposedly over a week before it made headlines--and said it is committed to improving the process by which it receives and escalates these reports in order to quash bugs faster.

Apple already faces a lawsuit in Texas and a proposed class action lawsuit in Canada over the bug. Given the serious privacy implications involved, it is certainly possible there will be more class action lawsuits to come.


pat500000

Suspended
Jun 3, 2015
8,515
7,386
Oh...NOW you apologize...at this time. You were forced to apologize to save face. Thanks to your bug feature, I overheard you saying that you were planning to do some hanky panky stuff.

Tim, you need to stop shouting “I’m all about security and privacy.”
 

weup togo

macrumors 6502
May 6, 2016
324
953
This woman did *everything* right. She got blown off by the security team! Apple's cancerous hiring growth has led to a mountain of people with no clue about Apple's actual culture or standards. We see the results in the headlines here daily for the last few years.
 

goonie4life9

macrumors regular
Jun 16, 2010
158
125
To be fair, this is a process-level failure. I never contact Apple until I've tried all the troubleshooting steps I, as an end-user, can. At that point, all that can happen is for the issue to be "escalated to engineering." Typically, "engineering" asks me to repeat the same troubleshooting and often, they ask nonsensical questions because the agent didn't adequately describe the issue. All of this could be solved by having someone from "engineering" communicate directly with customers, but for whatever reason, Apple refuses to allow that. All in all, it typically ends up being a multi-week process, which is exactly what happened here.

This woman did *everything* right. She got blown off by the security team! Apple's cancerous hiring growth has led to a mountain of people with no clue about Apple's actual culture or standards. We see the results in the headlines here daily for the last few years.
 

ImAnAgent

Suspended
Oct 11, 2018
273
209
My mind
It's impossible to uncover all bugs in any software release no matter what company is involved. That's why releases continue to happen and why beta releases take place. If the bugs aren't found during the betas, you can't blame these companies for releasing a version they feel is ready.
 

az431

macrumors 65816
Sep 13, 2008
1,289
3,445
Portland, OR
Stop apologising and do some basic freaking testing and QA before rolling out (delayed) promised features. Every week there's a different bug, "gate" or whatnot.
Your assumption is that because a bug manifests itself, that Apple doesn't do "basic freaking testing," which is both illogical and incorrect. That's basically like saying if people were careful there would never be a car accident. Duh.

Regardless of how much testing is done, bugs will pop up, especially in something as complex as an operating system, and especially when you have 1.4 billion devices running that operating system.

The problem here is Apple's system for handling bug reports is horrible. I've reported bugs that were indeed bugs, and Apple either responded with some canned nonsense about it being intended or didn't respond at all. Then 2-3 years later the bug was fixed. Anytime you have to deal with Apple outside the context of the Apple Store it's a mess.
 

mjharwaz

macrumors member
Jul 12, 2017
88
90
Tucson, AZ
Am I the only person in the world who thinks the process to even get to this bug is asinine and outside of the normal use case of the average person? In what scenario does one find themselves thinking "oh, the other party isn't answering, maybe I should just FaceTime myself?"

Yes, it's a problem that something like this could be exploited to spy on someone, but without the publicity how many people would have ever tried this in their lifetime, let alone the week it was a problem?
 

jardinager

macrumors regular
Apr 24, 2015
234
461
NC
Sure. Now that you are forced to acknowledge and correct your mistake, you're sorry.

Why don't you listen to your customers and developers when they warn you deep in the beta cycle about bugs and problems?

Why does it take public humiliation and ridicule to get you to fix your sh*t, Apple?
 

usarioclave

macrumors 65816
Sep 26, 2003
1,449
1,503
The real problem with FaceTime is that the connection state can be controlled remotely. If the FT connection state was exclusively driven from the client then this bug couldn't have happened.

IMO this is the major problem with FaceTime that the bug exposed. The bug implies that Apple can listen in on your phone's audio and video at any time. FT has been around for so long that the functionality is probably part of the design; that's not something that would be "new in Group FaceTime."
 

cmaier

macrumors G5
Jul 25, 2007
14,064
8,544
California
Am I the only person in the world who thinks the process to even get to this bug is asinine and outside of the normal use case of the average person? In what scenario does one find themselves thinking "oh, the other party isn't answering, maybe I should just FaceTime myself?"

Yes, it's a problem that something like this could be exploited to spy on someone, but without the publicity how many people would have ever tried this in their lifetime, let alone the week it was a problem?
There are numerous professionals around the world whose only job is to find such vulnerabilities. They work for bad actors of all sorts - oppressive nation states, criminal organizations, etc. This isn’t about what the average user would figure out.

And if this lady and her kid figured it out, you can bet that some bad guys knew about it already, and were using it.
 

ipponrg

macrumors 68000
Oct 15, 2008
1,666
1,246
Am I the only person in the world who thinks the process to even get to this bug is asinine and outside of the normal use case of the average person? In what scenario does one find themselves thinking "oh, the other party isn't answering, maybe I should just FaceTime myself?"

Yes, it's a problem that something like this could be exploited to spy on someone, but without the publicity how many people would have ever tried this in their lifetime, let alone the week it was a problem?
Many bugs are divulged privately before they are publicly exposed to the mass. It could happen that this bug has been out longer than a week; it’s just that no one publicly exposed it.

The number 1 rule for finding exploits is to do things that most people don’t do. It’s why QA teams spend a lot of time testing the unhappy paths.