Apple's FaceTime For Mac Released With Security Holes

Apple's newly released FaceTime for Mac beta was launched with security flaws that could allow hackers to access and change users' iTunes accounts without first entering a password.

Macworld Germany first reported that the beta version of Apple's new FaceTime for Mac, which allows Mac users to use FaceTime video chat service with iPod Touch and iPhone 4 users, contains a security flaw that enables potential hackers to change an iTunes password without first entering the old password. The bug also enables hackers to modify the user's security question, without correctly answering the original one.

When users log in, the application exhibits personal information about them in a window next to the video display, including birth date, private security questions and the answers, without requiring a password or any other kind of authentication. Ostensibly, the feature makes it easy for users to review and change their account information.

But the FaceTime glitch also leaves a gaping hole for cyber criminals with the beta version of FaceTime at their fingertips to reset passwords on victims' iTunes accounts, change e-mail addresses or otherwise view a user's personally identifying information.

id
unit-1659132512259
type
Sponsored post

In addition, Macnn.com reported another flawthat keeps users' passwords entered in the field after they log out of FaceTime, even if they restart the application.

Next: Hackers Need Direct Access To Victim's Mac

The potential for a data breach even exists if a user properly logs out of their iTunes account because the application caches the old password, which can then easily be retrieved by hackers and identity thieves.

However, one mitigating factor is that the security error requires a hacker to have direct access to a user's Mac installed with FaceTime, which would also enable them to access other sensitive information unrelated to iTunes accounts.

Realistically, a hacking situation could occur if an individual was using the FaceTime application at a public Mac computer, or if they stepped away from their personal laptop in a public place, giving miscreants an opportunity to access their system.

Apple's CEO Steve Jobs debuted the beta version of the new FaceTime for Mac, which allows video conferencing on the Mac OS X platform, on Wednesday as part of the company's Back to the Mac comprehensive software launch.