Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Was Apparently Notified About Major FaceTime Eavesdropping Bug Over a Week Ago [Updated]

Roadstar said:
I work in software development and I’m perfectly aware of all the complexities and delays involved. However, when faced with a plausible claim about a severe vulnerability in your service, you take it down first to prevent further damage/abuse and then investigate what to do to remedy the situation. The absolutely first thing to do is to stop the bleeding.
Click to expand...

It also depends on how many people Apple has working on filtering legit from non-legit (user ignorance) issues, before escalating.
For example, Apple might have bad resource management (only assigning only few people to filter the many many daily incoming issues 'crying wolf') and it was sitting in the queue for 3 or 4 days before escalation to qualified engineers to assess the priority.
 
  • Like
Reactions: tbayrgs
keysofanxiety said:
Sadly this isn't the first time a bug has apparently been reported multiple times to Apple but only dealt with once the press got a hold.

Take the calculator lag for instance. That was reported frequently in the betas but only fixed when the press made a fuss about it and the Android users had a good laugh at Apple's expense.

It's disappointing because there seems to be some fundamental lack of communication between bug reports, engineers, and upper management. It makes them look blisteringly incompetent over small things that could have been so easily fixed.
Click to expand...
Ship has grown too large.
 
  • Like
Reactions: Rob_2811 and AlumaMac
Roadstar said:
The point is to first stop the initial bleeding, i.e. take down the vulnerable service. Only after that you’ll start figuring out a proper fix.
Click to expand...
How do you know to take that service down right away? What happens if its not that service that is at issue but another service or something deeper or something conflicting? You don't know. You are assuming. Again your assumptions are flawwed because Apple found a way to temporarily resolve the issue and you're just piling on after the fact. What would happen if the disabled the service and it still showed people were allowed to eavesdrop on others? Again stop making assumptions. You don't know how the bug made it through Apple's corporate structure or how the temporary fix ultimately came to be.
 
  • Like
Reactions: chabig, killhippie and Rogifan
Art Mark said:
What?

Did you want a 30 minute bug fix for a telecommunications app?

What exactly would you have done?
Click to expand...
He's saying they should have closed Group Face Time when they first heard the reports instead of today when it became public with highlighted headlines in the media. Nobody expects a bug fix in a day but communication is key and in this regard Apple always fails, unless it's media related and they start working their engines to clean their name, just like what happened with iOS 12, battery gate, broken MBP's keyboards, root invulnerabilities and so on.
 
  • Like
Reactions: pat500000
Rogifan said:
No. I’m not taking the word of some random person on the internet and assuming it’s 100% true. Too many sketchy things about it. But if they’re reaching out to all these news orgs let them provide all the correspondence along with Apple’s response.
Click to expand...

What we do know is she tweeted on the 20th January describing an issue her son had found in iOS which sounds very much like the FaceTime evesdropping bug that has made the headlines in the last two days.

She also says in that tweet that she had filed a bug report and in another tweet she posted an email exchange between herself and Apple Product Security which seems to be from 22nd January. Link below.

https://twitter.com/MGT7500/status/1090079031666438144

Nobody is assuming what she is saying is 100% true. If she has 100% made it up how do you explain the tweet from nine days ago referencing an issue in iOS which allows you to "listen in to your iPhone/iPad without your approval." ?
 
Rogifan said:
Perhaps they didn’t know enough about the nature of the bug and the appropriate fix but once it ended up all over the news and everyone was stupidly trying to re-create it it became necessary to shut down.
Click to expand...

Exactly. Now that everyone here knows everything (potentially, possibly/likely not) there is to know about the bug; ie the nature of the threat, the circumstances, extent, having all the potential edge cases explored, a potential solution that addresses the problem that is thoroughly tested, etc, etc. it's a very easy fix for the arm chair QC pundits having the benefit of full knowledge.
[doublepost=1548781800][/doublepost]
69Mustang said:
@Rogifan didn't have excellent points. They were actually terrible points unrelated to the actual issue of the exploit. Purely obfuscation. Asking about Fox News goes to the motivation of the mother, not Apple. If she was looking for a buck, so what? Why should we care? We don't buy hardware from her.

Where we should care is Apple's reaction. Apple knew about the issue for over a week and only decided to shut down FT after the news became widespread. We all know it didn't take a week to verify the issue. We the public verified it minutes after finding out about it. When they saw the exploit as viable, they should have shut it down for a fix instead of waiting until it hit critical mass in the public eye. Typical corporate speak explanation after the fact would have been sufficient.

That ain't what they did. But yeah, let's talk about some random lady wanting to get paid as if it's relevant regarding the exploit.
Click to expand...

See above.
 
  • Like
Reactions: G5isAlive
Rob_2811 said:
What we do know is she tweeted on the 20th January describing an issue her son had found in iOS which sounds very much like the FaceTime evesdropping bug that has made the headlines in the last two days.

She also says in that tweet that she had filed a bug report and in another tweet she posted an email exchange between herself and Apple Product Security which seems to be from 22nd January. Link below.

https://twitter.com/MGT7500/status/1090079031666438144

Nobody is assuming what she is saying is 100% true. If she has 100% made it up how do you explain the tweet from nine days ago referencing a issue in iOS which allows you to "listen in to your iPhone/iPad without your approval." ?
Click to expand...
She says she filed a bug report with @Applesupport. That twitter account doesn’t handle bug reports. I’d be curious to know what she sent them. Does she have the DMs? And again, she didn’t provide the entire email string. You can’t see what Devan with Apple Product Security responded. That part is cut off. Again what I’m skeptical about is that this person contacted Apple in all these different ways, provided proper bug reports via proper channels and was completely ignored. Unfortunately we don’t have all the back and forth communication. We don’t know how Apple responded.
 
Rogifan said:
The fact that this person was tweeting ever news org under the sun last night yet won’t share the full emails/bug reports or Apple’s response. Sketchy to me. But I guess I shouldn’t be surprised that a site like this believes 100% some random person on the internet. It makes Apple look bad so of course people here believe it.
Click to expand...
The fact is you did what you typically do. You hype the superfluous around the periphery and downplay the crux of the issue. The simple fact is even if the woman was out to do nefarious damage, it wouldn't change Apple's reaction to the issue. Somehow you want to give the impression that the woman's actions seeking fame and fortune is equivalent to Apple's negligent disregard on the issue of the actual exploit. Those two things don't carry equal weight.
 
  • Like
Reactions: AndyMacAndMic, Sincci, sofila and 3 others
At this point, iOS is so intertwined, that touching anything in the code usually breaks something else (hence this bug).
So when a new bug is found like this FaceTime cockroach, it's not like they can tweak a couple lines of code and send out an update.
First, somebody has to figure out what the heck happened and why it's happening — then figure out how to fix it without creating new bugs.
It's a nightmare job.
 
just goes to show that Apple can't do things right these days. Software is a joke, hardware lineup is neglected, iPhone prices are rising and yet they keep talking about how amazing things are in the pipeline.
Perfect, the days of solid Apple is gone it seems. Shame that the alternatives are not amazing either as otherwise I would have jumped ships ages ago. My twitter ads for Apple are all filled with iPhone XR and the new iPad. I'm "glad" thats really the focus now. This WWDC better a stellar or Apple is totally ****ed
 
Rogifan said:
She says she filed a bug report with @Applesupport. That twitter account doesn’t handle bug reports. I’d be curious to know what she sent them. Does she have the DMs? And again, she didn’t provide the entire email string. You can’t see what Devan with Apple Product Security responded. That part is cut off. Again what I’m skeptical about is that this person contacted Apple in all these different ways, provided proper bug reports via proper channels and was completely ignored. Unfortunately we don’t have all the back and forth communication. We don’t know how Apple responded.
Click to expand...

This has already been answered once in post #108.
 
Big whoop.

I report bugs to apple all the time and they NEVER fix them.

Every time I run the MacOS beta, my computer will never Auto Connect to WiFi when I wake up the Mac. I have to manually connect to my WiFi network every time.

This has been a bug for multiple MacOS versions and they never fix it no matter how many times I report it.

They release the GM with the big fixed, then they revert the big when the next Beta is released. Like what the hell are they doing?
 
69Mustang said:
The fact is you did what you typically do. You hype the superfluous around the periphery and downplay the crux of the issue. The simple fact is even if the woman was out to do nefarious damage, it wouldn't change Apple's reaction to the issue. Somehow you want to give the impression that the woman's actions seeking fame and fortune is equivalent to Apple's negligent disregard on the issue of the actual exploit. Those two things don't carry equal weight.
Click to expand...
Serious question, do you, or don't you, believe this woman is seeking fame?
 
  • Like
Reactions: chabig and Rogifan
Reality is there is no full proof way to have cameras and mics and be sure your device is safe no matter what. Wether its a stupid bug Apple misses or the NSA hacking your phone. The only safety measure is to black out your cameras and try and muffle your mic when not in use(maybe some kind of case)

These things will no doubt get worse as humans continue to merge with devices/tech but it's the price you pay for having these things at your disposal.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back