Wouldn't call this serious as it doesn't affect many people, doesn't destroy data, ...

You don't think anyone being able to remote listen in on your conversations remotely isn't a big deal? Especially considering stukdog's post above, suggesting if you repeat the process you can make the original FaceTime request disappear.

Even more worrying than this specific issue - is that if Apple have missed something as major as this; what else have they missed? How many other exploits could be out there?
 
Am I recalling something incorrectly, but wasn't there some mention of a feature that FaceTime will actually start transmitting your side of things when you are calling so that the recipient can already see you (perhaps even hear you somehow) before they even answer? Sounds a little odd, but I can almost swear I recall this being something that was a new feature or something like that.
 
Ahh macrumors, make three different stories about a huge issue to spread it out

It's gone downhill with Apple and this site for years

Anymore it's just advertising on the front page of macrumors. That's why you see every beta posted on the front page.

You know things are bad when the front page here starts hiding all the problems with beta releases. I guess it just works that way.

I thought the whole point with Apple for a decade was that you paid extra so this doesn't happen?
 
Ahh macrumors, make three different stories about a huge issue to spread it out

It's gone downhill with Apple and this site for years

Anymore it's just advertising on the front page of macrumors. That's why you see every beta posted on the front page.

You know things are bad when the front page here starts hiding all the problems with beta releases. I guess it just works that way.

I thought the whole point with Apple for a decade was that you paid extra so this doesn't happen?
So the problems are hidden, yet there are three stories about a problem? o_O
 
You don't think anyone being able to remote listen in on your conversations remotely isn't a big deal? Especially considering stukdog's post above, suggesting if you repeat the process you can make the original FaceTime request disappear.

Even more worrying than this specific issue - is that if Apple have missed something as major as this; what else have they missed? How many other exploits could be out there?
What's even more worrying is what did Google, Microsoft or Amazon miss. Yeah, it's a stupid, serious bug that will be addressed pronto by Apple.
 
You may totally miss the point.

Accessing a user’s phone’s mic without them interacting/allowing it is so against all iOS conventions and far beyond a simple bug.

Nothing should ever happen on my side of that call if I don’t move that darn slider.
This bug is probably showing up because they allow without your knowing in other scenarios.
It should never behave this way ever.

Not for anything ever except listening for hey siri to do anything else. That's a whole different layer.

But Apple is best with privacy /s
No, they are not, and likely worse until they have open source software and audits. Or do people need examples of Apple flat out lying to customers?
What's even more worrying is what did Google, Microsoft or Amazon miss. Yeah, it's a stupid, serious bug that will be addressed pronto by Apple.
Only addressed now that it's in the news. Don't you see a trend yet?
 
This bug is probably showing up because they allow without your knowing in other scenarios.
It should never behave this way ever.

Not for anything ever except listening for hey siri to do anything else. That's a whole different layer.

But Apple is best with privacy /s
No, they are not, and likely worse until they have open source software and audits. Or do people need examples of Apple flat out lying to customers?
Only addressed now that it's in the news. Don't you see a trend yet?
Now that it's news or now that it's known? And is it only being addressed because it's in the news or the news of it being addressed is in the news because Apple needed to address the news but has been working on and planning to release a fix even prior to that?

As far as privacy, there's a difference of having actual features that knowingly impose on it and having an unintentional bug that crafted an issue.
 
You may not understand that despite loads of QC, beta testings, etc, software bugs still manage to slip through under the right set of conditions and circumstances. Especially with respect to complex software.

I've yet to see 100% perfection. From anyone.

Nothing is 100% perfect. However, when a bored taxi driver can hack the phone in a few attempts, QA engineers haven't tried hard enough. Sorry, there should be someone in the company who's trying to hack the interface 8 hours a day.

If I test an email app, I need to try what happens when the From and To addresses are the same, or empty. Similarly, we need to test what happens when we add ourselves into an existing conversation. These are common boundary conditions.
 
Nothing is 100% perfect. However, when a bored taxi driver can hack the phone in a few attempts, QA engineers haven't tried hard enough. Sorry, there should be someone in the company who's trying to hack the interface 8 hours a day.
By that logic winning a lottery shouldn't be hard since a random person who just decides to play it one time has been able to win it at one point, then surely plenty of those who play all kinds of combinations each time would surely win and probably more than once. That certainly holds up.
 
Terrible.

I’m not a programmer, but I have a hard time understanding how this happened. Is it so complicated (especially for a self-professed privacy-focused company) to program FaceTime so that:

‘if user consent action status (e.g. accepting call) has not been given, then audio and video is never ever sent under any circumstances, overriding any other settings or preferences’

Is that really very hard to program? Genuine question!
 
You think the US is behind China with spying? Lol

No, they probably just got caught messing up the layer like plain text passwords in OS X.

If it's not open source you have no idea. Encryption doesn't matter on closed source.

How many times does Apple need to lie to customers before you realize?

Man, Apple was decent until Woz washed his hands of it all. That's when everything began to change. No heart anymore, no love, just show, and they can't even do the show without Jobs.

When you dig into it Apple isn't just emulating the worst from Microsoft. They are setting a new standard

Don't be a fan boy of any company making a profit from you. They will ride that into the ground in spectacular fashion.

Nothing will change until you have open source software that people can see and be able to choose what you want.

A walled garden is the same as a prison. You actually think Apple is keeping you safe by saying that you can only use a reskinned browser and keyboard?

I wish they would open source OS X and iOS for people to see. But they are not going to do that, are they? Isn't any privacy by a company selling glass as a solid wall. How can you know the difference?

We learned all this with Snowden and PRISM
 
So as soon as I don't answer and the call is cancelled because I didn't answer, everything ends right? Like calls going to VM after x rings? It's not like an unlimited spy tool, right?

FaceTime is off until it gets fixed though - not like I get many calls let alone FaceTime calls :p.
I did this to my friends several times just today, and one did not have their phone nearby, the call went on for close to an hour. I could listen to his phone till he declines the call.

Guess not. Wow.
 
Terrible.

I’m not a programmer, but I have a hard time understanding how this happened. Is it so complicated (especially for a self-professed privacy-focused company) to program FaceTime so that:

‘if user consent action status (e.g. accepting call) has not been given, then audio and video is never ever sent under any circumstances, overriding any other settings or preferences’

Is that really very hard to program? Genuine question!
Seems like they would have had something in place and screwed up the security layer one would normally have.

The question is why they had it in the first place to swap it around so easily with just a bug.

Seems like they had it in place already to relay it to somewhere else. A bug usually breaks it; this points to sending it to a third party all the time. Unless they want to explain it, which you know they won't.

I'm not a conspiracy guy but I'd guess it's related to PRISM or whatever they call it now.
 
This kind of stuff doesn't surprise me that much. As stated earlier in this thread, enough is enough. For a couple of years, iOS bugs have become way more frequent than before and take way too long to be solved. Nowadays, it's not rare that you'll see irritating bugs coming out of nowhere during beta test, you report this to Apple, and those bugs are STILL there 3-4 or even more than 5-6 months later.

There are some Accessibility bugs related to smart invert colours they never fixed that are present since iOS 12.0 beta 2, and new ones since 12.1. Apple needs to be way more proactive. It's not serious at all that bugs can last a year without any fix at all.
 
Seems like they would have had something in place and screwed up the security layer one would normally have.

The question is why they had it in the first place to swap it around so easily with just a bug.

Seems like they had it in place already to relay it to somewhere else. A bug usually breaks it; this points to sending it to a third party all the time. Unless they want to explain it, which you know they won't.

I'm not a conspiracy guy but I'd guess it's related to PRISM or whatever they call it now.
https://wikipedia.org/wiki/Hanlon%27s_razor
 
Seems like a clever way to provide a back door to your OS while still ostensibly keeping your promise of end-to-end encryption. How can anyone be sure there aren’t other ways to invoke this?
 
Wow, the video angle is even worse. I had given my wife the advice to hit power to stop it ringing. That just makes it worse.

Everybody needs to disable FaceTime now. Apple should shut it off at the server right away until they have a fix.
 
Again, there's all of that as far as improving things and so forth, but the point still stands that even with all of that perfection is basically something that doesn't exist, and sooner or later something will still surface, and that something could still be rather bad. No one is saying that things couldn't or shouldn't be better, but at the same time it's also not really practical to say that even if things are better that they would be perfect and that something still won't pop up somewhere.

I am sorry, but you are downplaying a really bad failure in QC in a security relevant iOS core technology, and I can’t by any means understand why you would want to do so.

You might not be a software engineer, but there are enough techniques to prevent these kinds of bugs and some are really basic and not even special security related patterns.

This app starts the whole VOIP stack behind an “incoming call” screen. If you don’t understand that this is an application state that should not exist and that management of application state is crucial for these kinds of apps and a proven technique, I won’t be able to explain the engineering problem at hand to you. And that’s still not looking at all the other levels (multi-me in group chat, no physical user interaction check, no hard stop on press of power button) that should have prevented this supergate from happening. None of these checks were in place. This is a huge failure.

You might also agree that the amount of testing and QC that Boeing might put into their product might result in better products and “**** happens” might be a more appropriate answer coming from your corner bicycle shop than from a plane company.

“**** happens” is always true, but lacks any insight into proven techniques of how to prevent **** from happening or leaking in crucial situations. That said, may your diapers always match your needs.

(There are great patterns in diaper design, btw., that some might not know about and that still make the whole thing much more reliable and safe these days and therefore are standard now in diaper manufacturing.)
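Added example, not part of any post in this thread and not Apple's code: a minimal callee-side call state machine illustrating the state-management pattern and the three checks named in the post above (self re-add in a group call, physical interaction on accept, hard stop on the power button). The class and method names (`CallSession`, `start_capture`, and so on) are hypothetical, and `capturing` stands in for a real microphone/camera pipeline.

```python
from enum import Enum, auto

class State(Enum):
    RINGING = auto()
    ACCEPTED = auto()
    ENDED = auto()

class ConsentError(Exception):
    """Raised when an operation would violate the consent invariant."""

class CallSession:
    """Callee-side model: capture may run only after a local accept."""

    def __init__(self, caller, callee):
        self.caller, self.callee = caller, callee
        self.participants = {caller, callee}
        self.state = State.RINGING
        self.capturing = False          # stands in for mic/camera capture

    def add_participant(self, who):
        # Boundary case: an identity already in the call must not be re-added.
        if who in self.participants:
            raise ConsentError(f"{who} is already a participant")
        self.participants.add(who)      # membership never changes call state

    def user_accept(self, physical_interaction):
        # Only a local UI action may move RINGING -> ACCEPTED.
        if self.state is not State.RINGING or not physical_interaction:
            raise ConsentError("accept requires a local user action while ringing")
        self.state = State.ACCEPTED

    def start_capture(self):
        # Single choke point: every code path that wants media goes through here.
        if self.state is not State.ACCEPTED:
            raise ConsentError(f"capture refused in state {self.state.name}")
        self.capturing = True

    def power_button(self):
        # Hard stop: end the call and capture regardless of current state.
        self.capturing = False
        self.state = State.ENDED

def attempt(action):
    """Run an action; return True if allowed, False if the gate refused it."""
    try:
        action()
        return True
    except ConsentError:
        return False
```

The design point is that `start_capture` is the only place capture can begin and it checks state itself, so no other event (a participant change, a signalling message) can start media while the call is still ringing.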
 