And at the very least give a response that they’re looking in it.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]
- Thread starter MacRumors
- Start date
- Sort by reaction score
I've had bug reports ignored before, but ignoring something like this is unacceptable.
What is the issue with the Touch Bar? The others I agree are issues, but I like the Touch Bar.
You obviously don't work in software development. Let me give you a play by play of what generally happens in this kind of situation.
1. Someone first has to see the bug. Tweeting/Facebook/etc means nothing. Social media accounts aren't monitored 24/7 and even so, with thousands of people tweeting/facebook messaging/etc, there's a good chance what was sent on there doesn't get seen. The bug reporting system is truly the only way to ensure it gets through, and again, it depends when someone sees it.
2. The bug needs to be reproduced. Without reproduction it can't be fixed. This looks very easy to reproduce so this step likely went quickly.
3. Developers get dispatched to the bug (or since FaceTime is very complex, likely a team) who figures out what is causing the bug. This isn't instant, this can take a very long time to figure out. Reading code isn't like reading a word document and bugs, especially ones involving networking calls can be very tricky to figure out.
4. Once the cause is defined then the scope/impact of fixing it needs addressed. Does the bug ONLY affect Group FaceTime? Does it affect other things? Is it something a patch (which needs developed and tested) can fix? This kind of thing isn't instant either and can take a lot of time to figure out.
5. Once all of the above is figured out then a plan of action is implemented. In this case, Apple decided they need more time to fix the bug and took Group FaceTime down immediately.
You and others need to stop with the silly conspiracy theories already. Educate yourself on how such a thing happens and realize that fixes aren't usually instant.
I do.
If Apple is staunch an advocate for privacy as they claim, FaceTime is taken offline as soon as this is replicated.
My thoughts exactly. Not to mention the MLK holiday that they are more than likely closed for. All these things go through a queue. It’s not that they have a team of people monitoring these live. While it is a major issue, people should understand that it takes time to get things routed correctly.
Here's hoping that if/when iCloud gets breached it isn't Arbor Day.
No you don't. I'm not going to trade tit for tat with someone who can't even tell the truth.
I will however point out the major flaw in your "logic" should be apparent if you truly did work in software development. Disabling an entire feature people rely on isn't the right answer and is wildly irresponsible because its a feature many people rely on daily. If we disabled major pieces of functionality every time a bug was found instead of isolating the problem you'd never be able to run any software.
FaceTime doesn't have the bug as Apple discovered when they did steps similar to what I outlined in my previous post. Group FaceTime is what has the bug, and once it was identified and seen to be something that couldn't be patched quickly, it was disabled. Again, this kind of thing takes time and research hence why they can't just up and disable something.
I see what you mean and to a point I do agree, however the timing is very suspicious in that as soon as new outlets report on it, they pull it.
Now you may cite coincidental timing but there was a similar case with the iOS calculator bug. That had been reported indefinitely during the betas and only when it gets media attention, it's immediately dealt with.
Not true at all. Until it’s know what other effects are doing so will cause. You don’t take that step. Also, if you are involved you know that when a serious bug is found, protocols are in place to secretly work on it as long as it is not an active exploit that does not require something unusual to create the condition. Like starting a Group FaceTime call then calling yourself. Had they not decided to promote this on social media it would have been fix without the need for shutting down the entire network.
None of this is relevant.
Any half decent company would have taken this evidence and immediately raised at LEAST a P1 if not higher ticket. It's absolutely inexcusable for a security incident this serious to not at least have been triage'd to a very high priority.
By being in IT, he means he is the guy that power cycles the modem when the internet goes down at his office.
They can't just disable and enable features left and right because they get unverified reports of issues. Things must be verified first before such immediate action is taken such as disabling an entire feature.
It means whoever is in charge of services at apple took over one week to temporarily disable group FT.
iOS 12.1 and up it's only a group facetime bug and that feature was implemented in 12.1. It's unknown if it has been there since 12.1 or if it started in 12.1.3.
We know apple knew about it over a week ago and we know there was a big media reporting about it yesterday and then almost right away the feature was disabled. Why did it take over a week to do that?
That is certainly a question that would be good to have some answers to, and can certainly have a variety of factors and variables involved in it all. That said, we know that Apple was reached out to about it a week ago, it doesn't mean that they know about it right then and there.