Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]

[Kabeyun]

Good Lord, they didn't "address" the bug in a week, that would likely take weeks. They disabled the function entirely. And it is not a Hard to log, verify or review this bug. It was the same as password login that took weeks reporting, before someone has to blow it up to the media and Apple took action. And this isn't the first, second, or third time it has happened. It is a sad state because it isn't a one off. And nothing has been done with regards to Apple security input.

>Please enlighten us as to what Apple-sized company regularly does better.

None, but being best in the sad state of market where Google and Facebook are actively collecting data does not mean Apple in its current form is good enough.

If you mean the root access password bug, that was widely praised for being patched in a day. I don’t know what “weeks reporting” you’re referring to, unless you’re talking about a different bug.

And that bug resurfaced with the next macOS update, proving that you don’t rush patches to market. Apple did the right thing shutting down Group FaceTime until a proper fix can be deployed. That’s how you show you take it seriously; do the safe thing first, do the definitive thing next.

And comparing promptly addressed coding accidents to deliberate, sneaky data harvesting confounds the two separate issues.

 

[macduke]

I'm not.

Well, there it is.

 

[ksec]

If you mean the root access password bug, that was widely praised for being patched in a day. I don’t know what “weeks reporting” you’re referring to, unless you’re talking about a different bug.

And that bug resurfaced with the next macOS update, proving that you don’t rush patches to market. Apple did the right thing shutting down Group FaceTime until a proper fix can be deployed. That’s how you show you take it seriously; do the safe thing first, do the definitive thing next.

And comparing promptly addressed coding accidents to deliberate, sneaky data harvesting confounds the two separate issues.

It is not about fixing the bug in time, it is about addressing it. This isn't the first time Apple ignores report of critical security report, and only pick up the slack when media starts reporting. I.e They could have temporary shut down FaceTime before this was blown out.

The lady who reported this ( she is a lawyer ) even Fax it to Apple, it was about the best bug reporting from a non technical person.