[Update: Fixed!] FaceTime for Mac Has a Security Issue
With yesterday’s announcement of FaceTime for Mac, people everywhere have been testing out FaceTime with their fellow Mac users. I’ve done test calls to Macs from my iPhone 4 and so far so good. It’s pretty amazing to be able to do this so easily.
However, it’s not all fun and games. Apparently, FaceTime for Mac beta has a gaping security hole. According to MacNotes.net:
Once youâ€™ve logged into FaceTime you can have a look at all the account settings of the used Apple ID. Username, ID, place and birth date are shown as well as the security question and the answer to it â€“ in plain text, without another password request. To reset the password to an Apple ID, all you need it the exact birth date and the answer to the security question â€“ we tried that out for you, and it worked fine.
So it looks like the FaceTime for Beta needs an immediate update to close this security hole. Common sense and knowing who’s using your computer can help prevent others from gaining access to your data. Let’s hope this if fixed soon by Apple. Either way, I’m still enjoying FaceTime for Mac!
Update 1: It looks like Apple has closed this security hole! According to CocoaTouchApps:
They blocked FaceTime access to the iTunes Store servers completely. Â If you were to go into FaceTime preferences and click Account, youâ€™ll see two options available: Change Location and View Account. Â Go ahead, click View Account. Â The next page will attempt to load but immediately bounce you back to the Account preferences panel. Â Itâ€™s a sneaky work around to a potentially serious security flaw.
Yup, I just tried the above. There’s no way to “View Account” within the FaceTime app. Now that was a quick turnaround time for the fix. Still, it shouldn’t have happened!