Stop apologising and do some basic freaking testing and QA before rolling out (delayed) promised features. Every week there's a different bug, "gate" or whatnot.
Please explain how there was no testing or QA when there were multiple private and public betas including many thousands of users that did not surface this bug. Mainly because no normal person would call themselves while making a group call.
 
- Apple should acknowledge and apologize!

(Apple acknowledges and apologizes.)

- Apple is being sleazy and trying to cover up and only doing it because of the outcry!
Basically heads I win tails you lose.
 
Says the Thompson family “reported” the bug not “discovered” the bug. Carefully worded announcement?
Why does it take Apple longer to apologise than it takes lawsuits to appear?
Because people sue faster than the drop of a pin, which is almost always longer than an apology?
 
I am happy with Apple's response to this critical security bug. But I hope they employ more folks to patch bugs when they get reports.
 
- Apple should acknowledge and apologize!

(Apple acknowledges and apologizes.)

- Apple is being sleazy and trying to cover up and only doing it because of the outcry!
Am I the only person in the world who thinks the process to even get to this bug is asinine and outside of the normal use case of the average person? In what scenario does one find themselves thinking "oh, the other party isn't answering, maybe I should just FaceTime myself?"

Yes, it's a problem that something like this could be exploited to spy on someone, but without the publicity how many people would have ever tried this in their lifetime, let alone the week it was a problem?
Correct. It is abnormal and the public release of the method was the bigger problem, because it trained everyone how to do it, putting everyone at risk.
 
Google and Facebook invade your privacy every day in more insidious ways than you can imagine but THIS is what gets people up in arms? Give me a break.
People voluntarily agree to that though

The family should get that bug bounty and Apple should overhaul how people are able to communicate with engineering.
 
Your assumption is that because a bug manifests itself, that Apple doesn't do "basic freaking testing," which is both illogical and incorrect. That's basically like saying if people were careful there would never be a car accident. Duh.

Regardless of how much testing is done, bugs will pop up, especially in something as complex as an operating system, and especially when you have 1.4 billion devices running that operating system.

The problem here is Apple's system for handling bug reports is horrible. I've reported bugs that were indeed bugs, and Apple either responded with some canned nonsense about it being intended or didn't respond at all. Then 2-3 years later the bug was fixed. Anytime you have to deal with Apple outside the context of the Apple Store it's a mess.

Having dealt with industrial control equipment and having tried to report errors to them I think this is the real problem. You can’t find every bug in testing, unless you test until the product wouldn’t be useful. But you could do a better job listening to customers who report problems.
 
I'm surprised they didn't blame Scott Forstall again.

They probably thought about blaming it on their messenger delivering the bug report printout from their Radar facility to one of their newly built engineering camps using Apple Maps to explain the week it took engineering to become aware of the situation.

Actually though, it was just a younger Apple employee fearing to touch that overly realistically rendered glossy red button since their internal apps still rely on skeuomorph... Uh, it looks like someone licked it...

Anyway, so the problem wasn’t the build quality but the chain of communications, since they might get sued for the latter but not the former. Reminds me of the classic car manufacturers’ calculations. It’s just way too expensive to fix engineering.
 
Google and Facebook invade your privacy every day in more insidious ways than you can imagine but THIS is what gets people up in arms? Give me a break.

It’s possible to be outraged or alarmed by more than one thing at a time.
People voluntarily agree to that though
No they don’t. They don’t fully disclose all the data they look at and they don’t disclose exactly what they do with it. The latest Facebook scandal involves minors, who can’t give legally-binding consent in any case, and they clearly didn’t provide any details to the parents in the supposed parental consent notices.

You can’t “voluntarily agree” to something unless you know what you are agreeing to.
 
Am I the only person in the world who thinks the process to even get to this bug is asinine and outside of the normal use case of the average person? In what scenario does one find themselves thinking "oh, the other party isn't answering, maybe I should just FaceTime myself?"

Yes, it's a problem that something like this could be exploited to spy on someone, but without the publicity how many people would have ever tried this in their lifetime, let alone the week it was a problem?

That seems like a 90s idea of what state of the art testing for privacy-relevant apps might be.

But even then:

“Same user in conference multiple times?” seems like a classical test case for the server side.

“active call screen displayed when call is active?” seems like another one for the client app.

And why the caller adding another user opens the mic on your device is just another story that has to be explained. Like that “denying the call opens video”.

A quote from Burn after Reading might more appropriately describe the problem at hand.
 
I can't fault Apple unless we get informed of the number of bug reports received weekly. I am certain there is a lot of noise, as in a lot of non-bug reports, complaints and other nonsense to filter through.

iOS and all of the software that runs on it is beyond complex, in fact more complex than we could ever imagine. Teams of testers could work 24x7 and they won't catch every bug. This seems like it would have been easy to catch, but that is looking backward. QC at large companies is rigorous, but stuff still gets through. When software went from local computer only to being networked the complexity increased as did the risk, but nothing like the move to computers (phones) connected to the Internet 24x7. The risk went from near zero (basically viruses only) to severe since the devices can be attacked in real time 24x7 with severe consequences when flaws are found.

This was a non-issue that was hardly serious on any level. Had it gone on for months then maybe. What Google and Facebook do is much more sinister.

The mother of the boy who turned this in said she was worried about the government since it uses iPhones. She has nothing to worry about as the government is never running a new version of any software product on day 1 or even day 100 and in many cases day 300 (unless there are serious flaws). They are slow to move as they have their own vetting and roll out system. Same for any large company for company issued phones.
 
Please explain how there was no testing or QA when there were multiple private and public betas including many thousands of users that did not surface this bug. Mainly because no normal person would call themselves while making a group call.

Because you have to test this in code to find it. Betas are not a replacement for general code reviews, unit and integration tests and full security audits.
 
Tim Cook: “Get that guy that fixed our last security bug to work on it right away!”
(About a week later)
Person #4367: “...it’s now on schedule. Oh, and Mr Cook...that security guy you asked about...he quit.”
 
To be fair, this is a process-level failure. I never contact Apple until I've tried all the troubleshooting steps I, as an end-user, can. At that point, all that can happen is for the issue to be, "escalated to engineering." Typically, "engineering" asks me to repeat the same troubleshooting and often, they ask nonsensical questions because the agent didn't adequately describe the issue. All of this could be solved by having someone from "engineering" communicate directly with customers, but for whatever reason, Apple refuses to allow that. All in all, it typically ends up being a multi-week process, which is exactly what happened here.

The email address for the security team is the one fast path direct to engineering that Apple offers, precisely to avoid disasters like this. This isn't simply a process failure. It is a culture failure. And it is a responsible decision-making failure on the part of the individuals involved.
 
Oh...NOW you apologize...at this time. You were forced to apologize to save face. Thanks to your bug feature, I overheard you saying that you were planning to do some hanky panky stuff.

Tim, you need to stop shouting “I’m all about security and privacy.”

Such drama. And such an immature and juvenile response.
 
This woman did *everything* right. She got blown off by the security team! Apple's cancerous hiring growth has led to a mountain of people with no clue about Apple's actual culture or standards. We see the results in the headlines here daily for the last few years.

True. But to be fair can you imagine the thousands of people contacting Apple daily claiming they've found bugs, but which turn out not to be upon investigation? I imagine it's a challenge to sort through attention seeking people from those who have found genuine issues.
 