Why does someone always need to be fired for a mistake? This was not one person missing it. It was hundreds of employees, thousands of developers, and hundreds of millions of FaceTime users that missed it. The fact that it took 4 months to come out shows how 'hidden' this bug was.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Disables Group FaceTime as Temporary Workaround to Major Privacy Bug
- Thread starter MacRumors
- Start date
- Sort by reaction score
Why does someone always need to be fired for a mistake? This was not one person missing it. It was hundreds of employees, thousands of developers, and hundreds of millions of FaceTime users that missed it. The fact that it took 4 months to come out shows how 'hidden' this bug was.
I would say that this is a fairly obvious edge case. In other words, if someone told me to try to break Group FaceTime it would occur to me pretty quickly.I can totally understand why this was missed in testing. You’re placing a call and then you add your own number to the call...it would never occur to me that I could even try to do that, I’m already “using my line.”
This is why I respect QA testers—they have devious minds and spend their days thinking of edge cases like this.
Spoken like a diehard non Apple fan. If Google and Samsung had your focus they would be out of business. You almost never hear about Googles horror of an OS, but wait they control search...you kind of have to hunt it down. Even apps that steal money from your PayPal account on Android gets zero attention. I literally had no idea this was going on since December. https://www.zdnet.com/article/andro...m-paypal-accounts-while-users-watch-helpless/
Because they have caused a massive PR headache for both Tim Cook and Baymowe.
It’s too personal of a bug. Maybe I’m being too harsh, but it completely goes against privacy and someone needs to take the fall.
I don’t like it either, but this crap cannot be tolerated. Apple has to be better.
Again, I’m probably top 5 Apple defender here.
This is perhaps the first time I’ve really thought Apple messed up very clearly and advocating a firing. I think Apple is a fantastic company, Cook is an excellent CEO and the entire team is doing a great job overall. Of course, there are problems like any company, but you manage through them.
Some are so big people need to get canned. I feel this is one.
Don’t think it’s a massive PR headache as much as a bad bug. Some will take this to the nth degree while others will say, “just fix it Apple. There is a middle ground with all shades of grey in between.
Shameful only if you are not fussy about Apple being thorough with respect to robust testing; especially obscure edge scenarios.
In hindsight it can certainly come off that way, but perior to that in reality that is not necessarily the case.
Well, the suspense is killing me - for gawdsake what happened when you added your own number?
So who do you want to see fired? A Tim Cook level person or one of their thousands of programmers?
Later this week doesn't necessarily mean it will take a week. That aside, fixing an issue, and doing it properly, can take time. Time is needed to investigate it, consider solutions, find the most appropriate one with the least potential risk, actually design and develop it, test it not only making sure it works but also making sure it doesn't break something else and doesn't introduce some other unintentional issues, package it up and get a new release with it ready, test the whole release overall to make sure it's good to go, and actually release it. All of that takes time and multiple people and teams of people that need to communicate and be on the same page, which also takes up time.
And in the meantime it looks like the affected functionality--Group FaceTime--has been disabled, meaning that the privacy issue isn't exploitable at the moment.
Not much, I set up calls between iPad and iPhone and Mac, and it all seemed to work. I never noticed this bug.It was probably there, though.
Now that the ongoing issue is mitigated by taking group FaceTime offline, at least I prefer a fix where they've spent some time on properly testing it instead of rushing out an emergency fix that could break something else.
[doublepost=1548743988][/doublepost]
I also work in software development and this sums it up pretty much perfectly. Having the fix out within a week is perfectly fine, especially when it's not possible to actively exploit the flaw anymore. However, if they still manage to have a major regression in the fix once it ships, that's when we can start complaining.
Even if the actual fix is trivial, thoroughly testing it and winding up an OS update takes several days.
Software developers write bugs in their code, that's a given.
A whole list of managers above that overworked engineer all the way up to Craig Federighi decided that releasing the feature without enough testing, cutting corners along the way was the way to go. In a fair world, that's where you should be looking for fireable material.
They should also release iPhones by the day, not by the year. Ah, all the should-have brigade.
They disabled it server side, instant measure. How much faster do you want? A fix is in works, it takes time. Apple is still human developers at the desk, not Gods.
So bugs exist, but in this case it's because there isn't enough testing and there's corner cutting, and not because bugs can exist?
Wasn't FT for group delayed from its original relase date in order to make it work? Guess the extra time paid off.... /s
Lets stop all this back slapping and praising Apple for a moment. It's still completely unacceptable and further proof their QA/Testing is a disgraceful mess.
For this bug to happen, Apple had to fail at three places: The instigator device had to request a nonsense change in the communications link. (Enabling audio and/or video for what should be a non-operation, i.e. adding your own number should do nothing as you're already in the connection.) A server had to pass on the command. (It should have gone "Huh? The target device isn't logged in yet.") And the target device isn't blocking access until the user confirms the connection.
This feels like Apple was planning to rely solely on security in their server. The target device seems to be doing whatever the server asked it to do. It assumes that it is OK because Apple only ever intends devices to talk to the Apple mothership, and Apple never intends to do anything malicious...
This what I mean by "server side security".