VentureBeat Homepage
  • The Machine
  • GamesBeat
  • Jobs
  • Special Issue
  • Account Settings
  • Log Out
  • Become a Member
  • Sign In

VentureBeat Homepage

VentureBeat

  • AR/VR
  • Big Data
  • Cloud
  • Commerce
  • Dev
  • Enterprise
  • Entrepreneur
  • Marketing
  • Media
  • Mobile
  • Security
  • Social
  • Transportation

Follow

follow us on Twitter follow us on Facebook follow us on LinkedIn Follow us on RSS

The Machine

  • AI
  • Machine Learning
  • Computer Vision
  • Natural Language Processing
  • Robotic Process Automation

Follow

Follow us on RSS

GamesBeat

  • Games
  • Esports
  • PC Gaming

Follow

follow us on Twitter Follow us on RSS

Events

  • Upcoming
  • Transform
  • Media Partner
  • Webinars

General

  • Newsletters
  • Got a news tip?
  • Advertise
  • Press Releases
  • Guest Posts
  • Deals
  • Jobs
  • VB Lab
  • About
  • Contact
  • Privacy Policy
×

Join the VentureBeat Community

Free: Join the VentureBeat Community for access to 3 premium posts or videos a month.

Learn More
Please wait...

Share

  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Profile

  • VentureBeat Homepage
  • Newsletters
  • Events

Apple reportedly left huge FaceTime privacy bug unaddressed for 6 days

Jeremy Horwitz@horwitz January 29, 2019 11:25 AM
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
Apple: Group FaceTime
Apple: Group FaceTime
Image Credit: Apple

Data: Meet ad creative

From TikTok to Instagram, Facebook to YouTube, and more, learn how data is key to ensuring ad creative will actually perform on every platform.

Register Now

Join Transform 2021 for the most important themes in enterprise AI & Data. Learn more.


Despite marketing itself as obsessed with user privacy, Apple reportedly waited six days to do anything about a disturbingly huge privacy issue in its FaceTime service — a problem that was only addressed after news of the issue spread across social media last night. The issue enabled FaceTime callers to listen in on remote devices’ microphone audio until recipients answered the calls, effectively letting users spy on conversations or other sounds for as long as the remote devices continued ringing.

According to a new report from 9to5Mac, a mother and her teenage son reported the bug to Apple on January 22, emailing Apple’s customer support and Product Security departments that they had “discovered a major privacy and security flaw in your newest update, that allows users to listen in on other individuals without their permission.” They later shared a private YouTube video with Apple documenting the issue, apparently on January 23.

In a series of tweets, tech entrepreneur John H. Meyer says that the unnamed mother, an attorney from Arizona, provided evidence that she informed Apple about the flaw via email on the 22nd, and sent a formal legal notice to the company on the 25th. In response, Apple apparently told her to sign up for an Apple developer account and file an online bug report to get onto their radar.

Though the bug reporting procedure may sound familiar to longtime Apple followers, the company’s apparently nonchalant attitude about rapidly responding to a serious privacy bug — one that took only a minute to reproduce — is all but shocking. Numerous recent reports have suggested that Apple took weeks if not months to address comparatively smaller security breaches flagged by researchers, hiding its fixes in sneaky advisories.

But a bug allowing FaceTime users to surreptitiously overhear audio from friends, family, or strangers is dangerous on a completely different scale. Worse yet, if the FaceTime call recipient dismissed the request by clicking the power or lock button, the buggy device would impermissibly share video, as well. It’s bad enough that Apple requires customers to use a formal bug reporting system for obvious technical issues — and sometimes never addresses them — but it’s terrible for such a huge company to lack a shortcut for rapidly addressing large-scale privacy or security violations.

Once reports of the privacy issue circulated on social media and were confirmed by journalists, Apple initially said that it would release a fix for the issue later this week, then shut down the Group FaceTime feature altogether on its servers. The company’s belated response ironically came on Data Privacy Day, shortly after Apple CEO Tim Cook encouraged his Twitter followers to “insist on action and reform for vital privacy protections,” saying that the “dangers are real and the consequences are too important.”

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform
  • networking features, and more
Become a member

Transform 2021

Join us for the world’s leading event about accelerating enterprise transformation with AI and Data, for enterprise technology decision-makers, presented by the #1 publisher in AI and Data

Learn More

Join forces with OHUB & VB to include & hire 1,000 BIPOC students at SXSW

Sponsor & hire
  • VentureBeat Homepage
  • Follow us on Facebook
  • Follow us on Twitter
  • Follow us on LinkedIn
  • Follow us on RSS
  • VB Lab
  • Newsletters
  • Events
  • Special Issue
  • Product Comparisons
  • Jobs
  • About
  • Contact
  • Careers
  • Privacy Policy
  • Terms of Service

© 2021 VentureBeat. All rights reserved.