Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]

[otternonsense]

This is resolved, however, I think people are also blowing this out of proportion. If you hit decline, it stops; If you hit Accept it stops. The only way its eavesdropping is while its ringing, which stops eventually even if your not around your phone.

And it's just as common letting the phone ring and use the volume or power button to silence the tone/vibration (for whatever reason --wanting to appear indisposed without directly declining etc).

So no, I don't think they are blowing this out of proportion.

 

[Rob_2811]

Hmm...

Incredible that she's such a good liar she put out a tweet on the 20th January to make it all look right

 

[iAVERY]

Android: Life is better here. Android has come a long way. My 19 yr old son is even fed up with Apple phones and he loves my Note. Wife loves her new S9 over the SE. Son is getting the S10 when it comes out in a few weeks. Ditto for his GF.

I was going to make some snippy comment about you being the product but you probably already know that you are.

 

[AdonisSMU]

Yep, my initial impression was also that they quickly took down the vulnerable service and were working on a fix. At that point I applauded Apple for doing the right thing. However, if they really ignored the issue for a week first, then it’s a whole different issue and Apple’s looking much worse here.

People are so naive about how businesses work in particular software works. Unless you are at a small start up it can take days to get even critical information to the engineers and even after that it could take several days to fix or find solutions to a bug even major bugs. It's just not realistic.

 

[brenton289]

Eh, if you value privacy then you shouldn't be using video calling in the first place.

 

[Roadstar]

Where does it say Apple didn't take any action when it was first reported? Did I miss something?

All the article states is that Apple was informed of the bug eight days earlier. Doesn't say that Apple did nothing about it.

Well, if they really knew about it eight days earlier, we have proof that they didn’t do the right thing as group FaceTime remained available up until today.

 

[69Mustang]

Excellent points.

@Rogifan didn't have excellent points. They were actually terrible points unrelated to the actual issue of the exploit. Purely obfuscation. Asking about Fox News goes to the motivation of the mother, not Apple. If she was looking for a buck, so what? Why should we care? We don't buy hardware from her.

Where we should care is Apple's reaction. Apple knew about the issue for over a week and only decided to shut down FT after the news became widespread. We all know it didn't take a week to verify the issue. We the public verified it minutes after finding out about it. When they saw the exploit as viable, they should have shut it down for a fix instead of waiting until it hit critical mass in the public eye. Typical corporate speak explanation after the fact would have been sufficient.

That ain't what they did. But yeah, let's talk about some random lady wanting to get paid as if it's relevant regarding the exploit.

 

[1050792]

I was going to make some snippy comment about you being the product but you probably already know that you are.

So basically you are a product in other segments, don't you tell me that you have an Apple refrigerator, TV (Real one), radio, car, search engine, social media, does Apple "offer" these or you're living under a rock?

 

[Rogifan]

I believe that's the point.

Perhaps they didn’t know enough about the nature of the bug and the appropriate fix but once it ended up all over the news and everyone was stupidly trying to re-create it it became necessary to shut down.

 

[Roadstar]

People are so naive about how businesses work in particular software works. Unless you are at a small start up it can take days to get even critical information to the engineers and even after that it could take several days to fix or find solutions to a bug even major bugs. It's just not realistic.

I work in software development and I’m perfectly aware of all the complexities and delays involved. However, when faced with a plausible claim about a severe vulnerability in your service, you take it down first to prevent further damage/abuse and then investigate what to do to remedy the situation. The absolutely first thing to do is to stop the bleeding.

 

[Rogifan]

@Rogifan didn't have excellent points. They were actually terrible points unrelated to the actual issue of the exploit. Purely obfuscation. Asking about Fox News goes to the motivation of the mother, not Apple. If she was looking for a buck, so what? Why should we care? We don't buy hardware from her.

Where we should care is Apple's reaction. Apple knew about the issue for over a week and only decided to shut down FT after the news became widespread. We all know it didn't take a week to verify the issue. We the public verified it minutes after finding out about it. When they saw the exploit as viable, they should have shut it down for a fix instead of waiting until it hit critical mass in the public eye. Typical corporate speak explanation after the fact would have been sufficient.

That ain't what they did. But yeah, let's talk about some random lady wanting to get paid as if it's relevant regarding the exploit.

The fact that this person was tweeting ever news org under the sun last night yet won’t share the full emails/bug reports or Apple’s response. Sketchy to me. But I guess I shouldn’t be surprised that a site like this believes 100% some random person on the internet. It makes Apple look bad so of course people here believe it.

 

[AdonisSMU]

I work in software development and I’m perfectly aware of all the complexities and delays involved. However, when faced with a plausible claim about a severe vulnerability in your service, you take it down first to prevent further damage/abuse and then investigate what to do to remedy the situation. The absolutely first thing to do is to stop the bleeding.

You don't know how long it took them to find a way to stop the bleeding. That's the point. You're just assuming they weren't trying to stop the bleeding. You don't have enough facts to make the assumptions and implied assumptions you are making.

 

[Rob_2811]

@Rogifan didn't have excellent points. They were actually terrible points unrelated to the actual issue of the exploit. Purely obfuscation. Asking about Fox News goes to the motivation of the mother, not Apple. If she was looking for a buck, so what? Why should we care? We don't buy hardware from her.

Where we should care is Apple's reaction. Apple knew about the issue for over a week and only decided to shut down FT after the news became widespread. We all know it didn't take a week to verify the issue. We the public verified it minutes after finding out about it. When they saw the exploit as viable, they should have shut it down for a fix instead of waiting until it hit critical mass in the public eye. Typical corporate speak explanation after the fact would have been sufficient.

That ain't what they did. But yeah, let's talk about some random lady wanting to get paid as if it's relevant regarding the exploit.

Exactly.

Being more concerned about the behaviour of some Arizona teens mother than one of the wealthiest corporations in the world with access to the personal data of billions is purely trying to muddy the waters.

 

[johannnn]

“Apple was reported”

...

“Tweeted an Apple support account”

LOL.

That’s not really how big reports are submitted.

 

[Rogifan]

Well, if they really knew about it eight days earlier, we have proof that they didn’t do the right thing as group FaceTime remained available up until today.

IF is the operative word.

 

[Analog Kid]

I've always wished that the iOS devices had a light to show the camera was on the way the Mac does.

 

[Rob_2811]

The fact that this person was tweeting ever news org under the sun last night yet won’t share the full emails/bug reports or Apple’s response. Sketchy to me. But I guess I shouldn’t be surprised that a site like this believes 100% some random person on the internet. It makes Apple look bad so of course people here believe it.

She has posted one of them on twitter

https://twitter.com/MGT7500/status/...29/apple-apparently-notified-on-facetime-bug/

 

[otternonsense]

Ok then why did they only disable Group FaceTime yesterday? Seriously, Apple, how many people had their privacy infringed in the last 8 days? Not cool.

How many people have had their privacy infringed in the last 3 months since iOS 12.1 was out?

 

[Roadstar]

You don't know how long it took them to find a way to stop the bleeding. That's the point. You're just assuming they weren't trying to stop the bleeding.

The point is to first stop the initial bleeding, i.e. take down the vulnerable service. Only after that you’ll start figuring out a proper fix.

 

[longofest]

Apple's callousness with security is astounding.

 

[Chino3]

I just love how this "concerned" mother was going ham about notifying social media about this. All that "concern" and effort, and she still has a chitty twitter following lol.

 

[Rogifan]

Exactly.

Being more concerned about the behaviour of some Arizona teens mother than one of the wealthiest corporations in the world with access to the personal data of billions is purely trying to muddy the waters.

No. I’m not taking the word of some random person on the internet and assuming it’s 100% true. Too many sketchy things about it. But if they’re reaching out to all these news orgs let them provide all the correspondence along with Apple’s response.

 

[Art Mark]

A week ago? It was intentional then. If alerted and didn’t resolve it asap...it was intentional,

Tim (FaceTime bug iPhone recording: it’s okay phill....enhancing our phone price will be amazing...

What?

Did you want a 30 minute bug fix for a telecommunications app?

What exactly would you have done?

 

[pat500000]

@Rogifan didn't have excellent points. They were actually terrible points unrelated to the actual issue of the exploit. Purely obfuscation. Asking about Fox News goes to the motivation of the mother, not Apple. If she was looking for a buck, so what? Why should we care? We don't buy hardware from her.

Where we should care is Apple's reaction. Apple knew about the issue for over a week and only decided to shut down FT after the news became widespread. We all know it didn't take a week to verify the issue. We the public verified it minutes after finding out about it. When they saw the exploit as viable, they should have shut it down for a fix instead of waiting until it hit critical mass in the public eye. Typical corporate speak explanation after the fact would have been sufficient.

That ain't what they did. But yeah, let's talk about some random lady wanting to get paid as if it's relevant regarding the exploit.

Some people refuse to believe the truth.

 

[Rogifan]

She has posted one of them on twitter

https://twitter.com/MGT7500/status/1090079031666438144?ref_src=twsrc^tfw|twcamp^tweetembed|twterm^1090079031666438144&ref_url=https://www.macrumors.com/2019/01/29/apple-apparently-notified-on-facetime-bug/

Where’s the response from Devan at Apple Product Security? Why is that cut off?