Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]

[I7guy]

Truthfully though....this is a major blunder on Apple's part. I'm sure they get an inordinate amount of bug reports, both major and minor, every day. But when someone puts this on your radar on multiple fronts and it goes completely unanswered it's a sign that the review process if fundamentally flawed.

If this lady reported it on the 21st the Group FaceTime service should have been offline no later than the 22nd and there should have been a press release detailing the issue and the corrective action. Instead it sat there for a week until it blew up in their face.

No way to spin this other than a massive failure by Apple. Hopefully they learn from it and are better for it going forward.

The person who claims he/she was first may not have been first. Still don’t know the complete picture.

 

[neuropsychguy]

Wow. I’m actually surprised Apple didn’t take action sooner. Seems like they care more when these things make headlines.

But also, I’m sure not a ton of people discovered this.

Of course they care more with headlines. Otherwise it's quietly patched like most bugs (including the ones more severe than this that don't make headlines).

 

[MarkB786]

What does that mean? You’re going android?

Android: Life is better here. Android has come a long way. My 19 yr old son is even fed up with Apple phones and he loves my Note. Wife loves her new S9 over the SE. Son is getting the S10 when it comes out in a few weeks. Ditto for his GF.

 

[I7guy]

Ok then why did they only disable Group FaceTime yesterday? Seriously, Apple, how many people had their privacy infringed in the last 8 days? Not cool.

I would like to know this as well.

 

[otternonsense]

I think the trust patch was lost after all the issues in the MacBook Pro.

It's obvious to most that Apple is a large corporation that is concerned primarily with stock prices.

They're dropping the ball hard. Just in the last year alone:

- Not being able to type "I"
- Degrading battery power on older phones to "avoid restarts"
- Allowing root level access to Macs in an OS update.
- The complete dumpster fire that is the Touch Bar MacBook Pro
- Pre-bent iPads
- Enabling people to hear and see people who said "no"
etc.

Separately, any one of these is a relatively small deal. Taken together, it's a complete failure of quality assurance at the "trillion dollar company"

 

[citysnaps]

Wow. I’m actually surprised Apple didn’t take action sooner. Seems like they care more when these things make headlines.

But also, I’m sure not a ton of people discovered this.

You were expecting Apple to acknowledge the bug report publicly, giving those with bad intentions a head-start, while they attempted to understand and replicate the issue, and come up with a fix?

 

[Rogifan]

How do we know this is legit? If people on Twitter are right the initial email to Apple didn’t include details. When I once filed a bug on the TV app included all kinds of details and screen shots. This is what, the 5th story now about this? Are rumor sites just looking for traffic/cllcks?

 

[Bornee35]

Yet they claim they care about privacy, marketing 101.
I wonder how can people still defend Apple in this case.

It’s hard to weed out all the bugs, especially when it includes adding yourself to a Group FaceTime call to initiate it. Who would do that.

 

[I7guy]

Android: Life is better here. Android has come a long way. My 19 yr old son is even fed up with Apple phones and he loves my Note. Wife loves her new S9 over the SE. Son is getting the S10 when it comes out in a few weeks. Ditto for his GF.

You’re going with what works for you and your family. That’s the way it should be.

 

[Rob_2811]

The person who claims he/she was first may not have been first. Still don’t know the complete picture.

How do we know this is legit? And this is what, the 5th story now about this? Are rumor sites just looking for traffic/cllcks?

The tweet that she sent tagging Apple Support is on her timeline from 20th January.

https://twitter.com/MGT7500/status/1087171594756083713

 

[laptech]

So, a user finds the facetime bug a week ago and uses Apples official bug reporting channels to report it. The user shows evidence that Apple was contacted a number of times regarding the bug but kept the issue quiet.

It now transpires that a week after the bug was reported to Apple, another user finds the bug and makes it publicly known. All hell breaks loose and Apple shuts down Facetime Group server.

Apple had a week to fix the bug before someone else found it and gave it full disclosure. Now facetime users cannot group chat because of the companies incompetence to fix the bug when it was first reported, and Apple fans still stick by them!!!

 

[Bornee35]

Of course they care more with headlines. Otherwise it's quietly patched like most bugs (including the ones more severe than this that don't make headlines).

I like all the posts not understanding why Apple didn’t tell the world about a security issue before fixing it.

 

[Khedron]

Apple knowingly expose their users to a massive privacy bug until called out by the media

Such concern

 

[1050792]

It’s hard to week out all the bugs, especially when it includes adding yourself to a Group FaceTime call to initiate it. Who would do that.

A company who tests it's products and services extensively before releasing like Apple Maps, Apple Music, Group Face Time etc...
If it was Google you'd be throwing stones at them, but when it's Apple "mistakes happen" and they do but a company who prides itself of caring about privacy and that only their products are secure, should publicly feel ashamed of even having these bugs not found out in the development stage. Not long ago we had root issues within macOS. Or you don't remember that mistake either?

 

[CrystalQuest76]

It's obvious to most that Apple is a large corporation that is concerned primarily with stock prices.

All corporations are run by executives that are concerned with stock prices. Those executives' fortunes and bonuses are directly tied to stock prices. To think otherwise is foolish.

 

[thisisnotmyname]

Kid's mom wants bug bounty payday without adhering to security researching protocols of quiet periods while the manufacturer addresses the issue. Feels entitled to instant feedback even though the bug is registered in Apple systems. Think public tweet at the CEO is the way to go about this. What a circus.

 

[Plutonius]

You were expecting Apple to acknowledge the bug report publicly, giving those with bad intentions a head-start, while they attempted to understand and replicate the issue, and come up with a fix?

I expected Apple to say they had issues with the group FaceTime feature and they are disabling it temporarily while they fix it. There is no need to state what the issues are but, for a company that talks about privacy, they should have shut down group FaceTime at once.

 

[diddl14]

Of all ********s, she decided to tip of Vox News..

 

[1050792]

I like all the posts not understanding while Apple didn’t tell the world about a security issue before fixing it.

So they kept the insecurity until it became known, instead of closing Group Face Time when found instead of today?
Do you even read what you type?

 

[JimmyBanks6]

Again, it was already public by time she tweeted Fox/CNN/CNBC. Nothing wrong with claiming a bug bounty either.

EDIT: Just seen the message she sent to Fox 8 days ago, no idea what she did that for, still Apple should've responded to her emails.

It's pretty obvious what she did that for.

Big corporations ignore users unless the media is notified. As evidenced by this example.

 

[citysnaps]

I expected Apple to say they had issues with the group FaceTime feature and they are disabling it temporarily while they fix it. There is no need to state what the issues are but, for a company that talks about privacy, they should have shut down group FaceTime at once.

Which they did. After taking some time to verify and understand the nature as well as the extent of the bug. And, that disabling the group feature would indeed temporarily solve the problem, under a variety of edge cases, until a fix could be issued,

 

[SRLMJ23]

This is getting embarrassing for Apple. It seems almost every release of iOS/macOS/watchOS has some bugs in it. Some are minor and no real big issue, others like this are massive and are a HUGE issue!

Apple QA has just bombed over the years. Let's see how Apple tries to spin this one.

 

[Baymowe335]

Yeah, this just adds to my thesis that someone should lose their job over this.

Apple likely "knew" about it and was working on a fix, but didn't sound alarm bells because that's the worst thing you can do if the fix isn't implemented. Actually, it's still something you wouldn't want to publicize. Tough position.

We don't know the whole story, but Apple should have worked directly with this person more closely so she'd stop posting publicly.

 

[winterhalder]

I agree that a week for a serious privacy defect isn't optimal, but lets understand that news of this defect had to make it from social media folks to the support team then to the technical team, who would forward to the test team to reproduce (and understand under what % of conditions is appears), and then back to the technical team for assessment, and then up to management to debate on what the appropriate course of action is.

Could it have been done better? Yes, absolutely.

I guess I just don't feel that this blunder negates all the great work on privacy that they have otherwise been doing. Not for me anyway.

 

[I7guy]

The tweet that she sent tagging Apple Support is on her timeline from 20th January.

https://twitter.com/MGT7500/status/1087171594756083713

Still don’t know if she is the first, second, third or 10,000th.