Skip to main content
VentureBeat Homepage
  • Events
  • GamesBeat
  • Data Pipeline
  • Transform 2022
  • Account Settings
  • Log Out
  • Become a Member
  • Sign In

VentureBeat Homepage

VentureBeat

  • AR/VR
  • Big Data
  • Cloud
  • Commerce
  • DataDecisionMakers
  • Dev
  • Enterprise
  • Entrepreneur
  • Marketing
  • Media
  • Mobile
  • Security
  • Social
  • Transportation

Follow

follow us on Twitter follow us on Facebook follow us on LinkedIn Follow us on RSS

The Machine

  • AI
  • Machine Learning
  • Computer Vision
  • Natural Language Processing
  • Robotic Process Automation

Follow

Follow us on RSS

GamesBeat

  • Games
  • Esports
  • PC Gaming

Follow

follow us on Twitter Follow us on RSS

Events

  • Upcoming
  • Media Partner
  • Webinars

General

  • Newsletters
  • Got a news tip?
  • Advertise
  • Press Releases
  • Guest Posts
  • Contribute to DataDecisionMakers
  • Deals
  • Data Pipeline
  • Jobs
  • VB Lab
  • About
  • Contact
  • Privacy Policy

Join the VentureBeat Community

Free: Join the VentureBeat Community for access to 3 premium posts and unlimited videos per month.

Learn More

Sign up with your business e-mail to continue with ticket purchase

Please wait...

Share

  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
  • VentureBeat Homepage
  • Newsletters
  • Events

Apple reportedly left huge FaceTime privacy bug unaddressed for 6 days

Jeremy Horwitz@horwitz
January 29, 2019 11:25 AM
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
Apple: Group FaceTime
Apple: Group FaceTime
Image Credit: Apple

Interested in learning what's next for the gaming industry? Join gaming executives to discuss emerging parts of the industry this October at GamesBeat Summit Next. Learn more.


Despite marketing itself as obsessed with user privacy, Apple reportedly waited six days to do anything about a disturbingly huge privacy issue in its FaceTime service — a problem that was only addressed after news of the issue spread across social media last night. The issue enabled FaceTime callers to listen in on remote devices’ microphone audio until recipients answered the calls, effectively letting users spy on conversations or other sounds for as long as the remote devices continued ringing.

According to a new report from 9to5Mac, a mother and her teenage son reported the bug to Apple on January 22, emailing Apple’s customer support and Product Security departments that they had “discovered a major privacy and security flaw in your newest update, that allows users to listen in on other individuals without their permission.” They later shared a private YouTube video with Apple documenting the issue, apparently on January 23.

In a series of tweets, tech entrepreneur John H. Meyer says that the unnamed mother, an attorney from Arizona, provided evidence that she informed Apple about the flaw via email on the 22nd, and sent a formal legal notice to the company on the 25th. In response, Apple apparently told her to sign up for an Apple developer account and file an online bug report to get onto their radar.

Though the bug reporting procedure may sound familiar to longtime Apple followers, the company’s apparently nonchalant attitude about rapidly responding to a serious privacy bug — one that took only a minute to reproduce — is all but shocking. Numerous recent reports have suggested that Apple took weeks if not months to address comparatively smaller security breaches flagged by researchers, hiding its fixes in sneaky advisories.

Event

Transform 2022

Join us at the leading event on applied AI for enterprise business and technology decision makers in-person July 19 and virtually from July 20-28.

Register Here

But a bug allowing FaceTime users to surreptitiously overhear audio from friends, family, or strangers is dangerous on a completely different scale. Worse yet, if the FaceTime call recipient dismissed the request by clicking the power or lock button, the buggy device would impermissibly share video, as well. It’s bad enough that Apple requires customers to use a formal bug reporting system for obvious technical issues — and sometimes never addresses them — but it’s terrible for such a huge company to lack a shortcut for rapidly addressing large-scale privacy or security violations.

Once reports of the privacy issue circulated on social media and were confirmed by journalists, Apple initially said that it would release a fix for the issue later this week, then shut down the Group FaceTime feature altogether on its servers. The company’s belated response ironically came on Data Privacy Day, shortly after Apple CEO Tim Cook encouraged his Twitter followers to “insist on action and reform for vital privacy protections,” saying that the “dangers are real and the consequences are too important.”

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.

Author
Jeremy Horwitz
Topics
Mobile Security Social

Transform 2022

Hear from senior executives at some of the world’s leading enterprises about their experience with applied Data & AI and the strategies they’ve adopted for success.

Register Here

Transform 2022

Join AI and data leaders for insightful talks and exciting networking opportunities in-person July 19 and virtually July 20-28.

Register Now

Join forces with VentureBeat at our upcoming AI & data events

Sponsor VB Events
  • VentureBeat Homepage
  • Follow us on Facebook
  • Follow us on Twitter
  • Follow us on LinkedIn
  • Follow us on RSS
  • VB Lab
  • Newsletters
  • Events
  • Special Issue
  • Product Comparisons
  • Jobs
  • About
  • Contact
  • Careers
  • Privacy Policy
  • Terms of Service

© 2022 VentureBeat. All rights reserved.

×

We may collect cookies and other personal information from your interaction with our website. For more information on the categories of personal information we collect and the purposes we use them for, please view our Notice at Collection.