Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]

[DynoRunnerr]

This is resolved, however, I think people are also blowing this out of proportion. If you hit decline, it stops; If you hit Accept it stops. The only way its eavesdropping is while its ringing, which stops eventually even if your not around your phone.

 

[Rogifan]

It says in the tweet that she had submitted a bug report.

It says submitted bug report to @AppleSupport. That’s not where bug reports are filed. We don’t know what kind of report was filed or what details were provided. And what does “waiting to hear back to provide details” mean? Waiting to hear back from Apple? Provide details to whom? Her twitter followers? Apple? Fox News?

 

[Unity451]

"Gah! Foiled again! I hope they don't find out what happens when you swap ears with the EarPods." - Timmy

 

[TheShadowKnows!]

Asking for money + going to FOX "news" = zero credibility

Why zero credibility?

1. Asking for money ::= monetizing her discovery using the same system that Apple is beholden to.
2. FOX "news" ::= yes, shows poor taste on her news sources. She likes the taste of Orangina (almost 50% of the population did in 2017).

Neither ranks to zero credibility.

The saving grace (to Apple) is that she contacted "9to5mac", which led to headlines, and got Apple's proper attention -- it could have been exponentially worse if exploited, and the results published, by a bad actor.

 

[Bornee35]

A bug which can be used to "Invade" someones privacy? Don't you see the point I'm trying to make? You are the one coming defensive in this case.

Turn off FaceTime. Privacy secured. It’s a bug. Can’t turn off other company’s from selling your data. Privacy insecure. It’s a feature.

 

[Rogifan]

Discovered 8 days ago.... No action was taken (that we know of).

Made headlines last night.... Action taken within a couple hours.

You see what I’m saying?

And? Of course it was disable once this spread like wildfire and everyone was stupidly trying to re-create the bug.

 

[weup togo]

It's pretty obvious what she did that for.

Big corporations ignore users unless the media is notified. As evidenced by this example.

Apple employees often joke that the best way to get a serious bug fixed is to Tweet about it.

 

[Rob_2811]

It says submitted bug report to @AppleSupport. That’s not where bug reports are filed. We don’t know what kind of report was filed or what details were provided. And what does “waiting to hear back to provide details” mean? Waiting to hear back from Apple? Provide details to whom? Her twitter followers? Apple? Fox News?

She also registered for a dev account and reported it at bugreport.apple.com and emailed product-security@apple.com


https://twitter.com/al45tair/status/1090162841448050688

https://twitter.com/MGT7500/status/1090163397788745728

 

[mi7chy]

Tim Cook has a good reason he didn't get the warning since he was out championing the privacy spin.

 

[1050792]

Turn off FaceTime. Privacy secured. It’s a bug. Can’t turn off other company’s from selling your data. Privacy insecure. It’s a feature.

Turn off Face Time, because 99% of the users are aware of their privacy being leaked and are well aware on how to turn off Face Time, or "workarounds". If you stop being defensive then I'll keep the conversation with you. Until then it's not worth to keep beating on this since every true fact thrown to you will be pointed out as "turn it off muhhhh".

 

[citysnaps]

Uummm they could’ve just taken Group FaceTime down when they discovered this and then brought it back online when it was fixed without saying a word about the bug.

Ummmm...It's great having hindsight as to the nature, circumstances, edge case, extent, potential fix, and threat of the bug ahead of time, as you have now. It's so obvious when that information is handed to you.

 

[jumanji]

you guys realize bugs happen, right? you can't just go one what everyone just reports either. you have to validate and duplicate before you can understand. i bet tons of people mention apple in a tweet everyday.

 

[jcphoenix]

Once the issue was already making headlines. The tweet that tags Fox is from yesterday

This is not correct. The very first tweet she made about the bug on January 20, more than a week ago, already tagged Fox News.

And the day before she made the tweet, she actually messaged Fox News directly, right after she submitted the bug report. So her saying she wanted to keep it private to give them a chance to fix it seems rather questionable to me.

 

[iapplelove]

Yet they claim they care about privacy, marketing 101.
I wonder how can people still defend Apple in this case.

I don’t defend them. They are no better than google to me.

 

[phr0z3n]

And? Of course it was disable once this spread like wildfire and everyone was stupidly trying to re-create the bug.

I believe that's the point.

 

[citysnaps]

Yes, because they control the vertical, and they control the horizontal with respect to FaceTime. It all has to go through their servers. With the flick of a Return key they can turn the whole thing off. They should have done that and then blasted out why it was off. They are stupid, or greedy, or on drugs. I just don't know anymore.

Well, there you go. I see where your head's at.

 

[Delgibbons]

While it only made the news yesterday, it appears Apple was alerted to a major FaceTime privacy bug over a week ago.

Twitter user MGT7500 tagged the official Apple Support account in a January 20 tweet claiming that her 14-year-old son discovered a "major security flaw" that allowed him to "listen in to your iPhone/iPad without your approval." The user also tagged Tim Cook on the issue in a follow-up tweet on January 21.

​

Once the bug started making headlines on Monday, the Twitter user then shared additional tweets claiming that they had also emailed Apple's product security team over a week ago. A screenshot of the email was shared, and it appears the team did respond, but what they said is not visible in the screenshot.

​

The user acknowledges having wanted to receive a monetary reward under Apple's bug bounty program, but she claims she still proceeded to alert Apple to the bug by phone, fax, and with an official bug report nonetheless. She also wanted to keep the bug private, but she did tweet Fox News about it.

All in all, there is evidence that Apple Support was tagged about an eavesdropping bug eight days before it made headlines, and if the rest of the tweets are truthful, the company was also alerted about the bug via several other avenues.

Apple has temporarily disabled Group FaceTime, as adding your own phone number to a FaceTime call was the underlying cause of the bug, while it rushes to prepare a software update with a permanent fix. Apple said that update will arrive "later this week," but it wouldn't be surprising to see it today.

Apple did not immediately respond to our request for comment about when it discovered the bug and how long it existed.

Article Link: Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago

Updated "holier than thou" ad spotted in Vegas.

 

[1050792]

I don’t defend them. They are no better than google to me.

I wonder how you think my point was exactly directed to you since you don't defend them? It was obviously for those who do that you see here everyday

 

[macfacts]

Apple employees often joke that the best way to get a serious bug fixed is to Tweet about it.

Also, the best way to get your apple hardware fixed is to start a class action lawsuit.

 

[Bornee35]

Turn off Face Time, because 99% of the users are aware of their privacy being leaked and are well aware on how to turn off Face Time, or "workarounds". If you stop being defensive then I'll keep the conversation with you. Until then it's not worth to keep beating on this since every true fact thrown to you will be pointed out as "turn it off muhhhh".

You’re equally set in your opinion. So the hypocrisy is real.

 

[Rob_2811]

This is not correct. The very first tweet she made about the bug on January 21, more than a week ago, already tagged Fox News.

Yes I edited my post hadn't seen the message she initially sent to Fox

 

[Rogifan]

Hmm...

 

[Roadstar]

Here I thought - 'Wow, great job Apple in turning off FaceTime Group messaging for now until the bug can be fixed. That was fast and responsive and shows the company is determined to fight for our privacy."

Now, I am like - "We had this issue for a week and it wasn't until mainstream media picked up on it and started blasting Apple, that they acted on it?"

Last night, you were my hero - today, zero.

Yep, my initial impression was also that they quickly took down the vulnerable service and were working on a fix. At that point I applauded Apple for doing the right thing. However, if they really ignored the issue for a week first, then it’s a whole different issue and Apple’s looking much worse here.

 

[AdonisSMU]

Ok then why did they only disable Group FaceTime yesterday? Seriously, Apple, how many people had their privacy infringed in the last 8 days? Not cool.

They probably didn't know where the bug is coming from. These investigations take time. I wouldn't be surprised if it took several days to go through the corporate structure to find the engineers who could actually address this bug and understand this part of the code well enough to recommend temporary fixes.

 

[keysofanxiety]

Sadly this isn't the first time a bug has apparently been reported multiple times to Apple but only dealt with once the press got a hold.

Take the calculator lag for instance. That was reported frequently in the betas but only fixed when the press made a fuss about it and the Android users had a good laugh at Apple's expense.

It's disappointing because there seems to be some fundamental lack of communication between bug reports, engineers, and upper management. It makes them look blisteringly incompetent over small things that could have been so easily fixed.