
FaceTime for Mac OS X Has a Serious Security Flaw - Report



OMEN
10-24-2010, 01:17 PM
http://imagevader.com/out.php?i=189691_facetime-for-mac-os-x-has-a-serious-security-flaw-report-2.jpg

A German source is signaling that those who haven’t downloaded FaceTime for Mac just yet may want to hold back on the desire to video chat with their iPhone-wielding friends, as there may be some serious security risks involved.

During yesterday’s Back to the Mac special event held in Cupertino, California, Apple’s CEO confirmed the availability of FaceTime for Mac.

The application effectively enables anyone with a Mac running Snow Leopard to use their computer’s iSight camera and mic to talk to their iPhone- and iPod touch-equipped friends.

Macnotes.de sounds the alarm over some “security glitches” present in the beta release of FaceTime for Mac.

According to the German web site, those with bad intentions can make use of the user’s Apple ID and reset the password in just a few clicks.

The glitch is exposed once a user logs into FaceTime and glances at the account settings of the used Apple ID. “Username, ID, place and birth date are shown as well as the security question and the answer to it – in plain text, without another password request,” the German source describes (http://www.macnotes.net/2010/10/21/facetime-for-mac-a-serious-threat-for-your-apple-id/) the bug.

From here, it’s easy to reset the password to an Apple ID since all the “hacker” needs to know is the user’s birth date and the answer to the security question.

The site appropriately points out that close friends and family members will usually know the answers to such standard queries.

There’s also a problem when the user logs out. As it happens, FaceTime forgets to wipe the password field clean, leaving it there for anyone who may have access to your Mac.

While this person will not be able to read the password itself, they will be able to use that account to place prank FaceTime calls, for example. And we’re assuming you don’t want that with your account.

Softpedia
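
A sketch of the two controls whose absence the report describes: a fresh password check before account settings are displayed, and wiping stored credentials at logout. This is an added example, not code from the post, the cited sources or Apple; the class, its field names, the 300-second window and the sample profile are assumptions.

```python
import hashlib, hmac, os, time

REAUTH_WINDOW = 300  # assumed: seconds a password check stays "fresh"
SAMPLE_PROFILE = {   # constructed sample data
    "username": "user@example.com", "birth_date": "1980-01-01",
    "security_question": "First pet?", "security_answer": "Rex",
}

class AccountSession:
    """Hypothetical client-side session model (not FaceTime's actual code)."""

    def __init__(self, profile, password, clock=time.monotonic):
        self._clock = clock
        self._profile = dict(profile)
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)  # kept instead of the password
        self._token = os.urandom(32)   # stands in for a server-issued token
        self._last_auth = None         # being logged in does not unlock settings

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def reauthenticate(self, password):
        if self._verifier is None:     # logged out: nothing left to check against
            return False
        ok = hmac.compare_digest(self._derive(password), self._verifier)
        if ok:
            self._last_auth = self._clock()
        return ok

    def view_settings(self):
        fresh = (self._last_auth is not None
                 and self._clock() - self._last_auth <= REAUTH_WINDOW)
        if self._token is None or not fresh:
            raise PermissionError("password required to view account settings")
        shown = dict(self._profile)
        shown["security_answer"] = "********"  # never echoed in plain text
        return shown

    def place_call(self, callee):
        if self._token is None:
            raise PermissionError("logged out")
        return f"calling {callee}"

    def logout(self):
        # Drop everything that could reopen the account without the password.
        self._token = self._verifier = self._last_auth = None
        self._profile = {}
```
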