FaceTime for Mac saddled with security vulnerabilities?

updated 10:45 am EDT, Thu October 21, 2010

Gaining, changing access may be too easy

The FaceTime for Mac beta -- released just yesterday -- has a pair of serious security vulnerabilities, reports suggest. If a computer is already logged into FaceTime, account settings in the app will notably display all of a person's associated data, including their birth date, security question and matching answer. This makes it trivial to hijack an account if an attacker already has access to a person's Mac.

Observers also point out that if someone logs out of FaceTime, their password remains entered in the password field, even after restarting the software. As a result, it becomes possible to quickly leap into another person's account. Because the Mac FaceTime client is still in beta though, Apple may already be working on fixing obvious security problems.

by MacNN Staff



  1. ebeyer

    Joined: Dec 1969



    Help me understand why this functionality wasn't simply rolled into iChat? Why have a whole separate app?

  1. vasic

    Joined: Dec 1969



    iChat has grown a bit unwieldy. FaceTime is as simple on the Mac as it is on the iPhone/iPod.

  1. dogzilla

    Joined: Dec 1969


    Is this really an issue?

    Both these "issues" require physical access to the machine. If I have physical access to your machine and 5 minutes, I'll own it and all the data on it. This is true of pretty much every single consumer computing platform out there. Before someone says anything about computer labs or library computers, let me point out that using those types of computers to log into any service that personally identifies you is equally vulnerable.

    Is there a remote component to any of these security vulnerabilities? It's getting harder and harder to separate out the useless "vulnerabilities" from actual points of concern - the situation is starting to become like the boy who cried wolf, and some discretion on the part of editors (here and in other mac-centric blogs) would be greatly appreciated.


    Joined: Dec 1969


    Physical Access = Big Problems

    The only computer that is truly secure is one that is shut down and under a lock and key. Yes this is a security hole and as many have said, Apple should have never released the beta with this. Just remember that it is a BETA and you always use Beta software with some risks built in. Plus if someone has physical access to your machine - well good luck, you have a bigger problem to worry about.

  1. stainboy

    Joined: Dec 1969


    beta software

    news flash: FaceTime beta software is beta software.

  1. B9bot

    Joined: Dec 1969


    Key point, attacker needs access to your Mac

    The key sentence here is "This makes it trivial to hijack an account if an attacker already has access to a person's Mac."

    So first the attacker needs access to your Mac. Point is moot unless you let everyone access your Mac. Hardly what I would call a big vulnerability. If someone already has access you better be smart enough not to let them be someone who wants to do bad stuff with the information on that Mac.

  1. vintagegeek

    Joined: Dec 1969



    Beta---still perhaps a little too much exposure for a public beta. Can't wait to try the MAC Facetime anyway.

  1. hayesk

    Joined: Dec 1969



    I was all ready to write a big diatribe about how anyone in an office could sneak onto your Mac while you were in the bathroom, launch FaceTime, and get all of your account data, including your secret password, and change your password.

    But then I thought, well, if FaceTime didn't have this problem, I could write my own app that grabs your password from the Keychain (this is what FaceTime does, it doesn't save it in its preferences), and get access to the same information. I could put that app on a USB stick and do the same thing.

    So, does FaceTime open up any new flaws? No, it just makes the existing flaw easier. The existing flaw being the user didn't lock his keychain when he left his Mac.

  1. SierraDragon

    Joined: Dec 1969


    It is a Beta...

    What part of "beta" do the editors not understand? The head should be re: a _beta_ security flaw.

  1. Fast iBook

    Joined: Dec 1969


    iChat vs FT.

    iChat is based on the AIM network and the video/audio layer in AIM, FaceTime is based on wifi and client to client availability developed on iOS 4 for the iPhone 4. If "no one is home" the request times out after about 30 seconds. No one being home as in no wifi connected or wifi turned off or facetime disabled etc.

    - A
