The Mac edition of video chat app FaceTime has only been available for a day, but a big security hole has already been identified in the program.
Turns out, anyone can access the “View Account” tab from one of FaceTime’s dropdown menus, as Ars Technica reports. That tab shows the FaceTime account owner’s Apple ID – and it gives the ability to change that Apple ID’s password with minimal effort and no security verification.
This is sort of a big deal, considering Apple device owners use their Apple ID for just about everything, from registering devices to buying songs from iTunes. In fact, iTunes is potentially where this security breach could manifest itself. Since anyone who happens to spend 15 seconds at your Mac could change your password using FaceTime, they could presumably pop into iTunes on another computer, buy some stuff, and charge it to you.
Changing the password in FaceTime spreads the change everywhere, including iTunes, and logging out of FaceTime or attempting to limit the damage doesn’t seem to work. FaceTime is set to automatically remember passwords and there’s no way to turn that off right now, so once it’s in there, it’s too late to do anything about the change.
Fortunately, the security hole means you can sit down at FaceTime and fix a password issue just as easily as someone else can change it, just by entering what your password should be in the same field from which it was changed to begin with. But it’s a good idea to limit the people with access to your Mac and FaceTime until a fix is released by Apple.
Impressive response time from Apple
If there’s a positive to this minor FaceTime fiasco, it’s that it could show Apple’s ability to identify issues with its upcoming push for Mac apps, and correct them.
FaceTime is sort of the early recon element of Apple’s coming Mac App army, linking Macs to mobile devices today before the rollout of the big Mac App Store three months from now. FaceTime is a bigger, spiffier version of the same app that appears on iPads and iPhones, and naturally translating mobile apps from platforms that are relatively limited to Macs, where they have a much bigger backyard to go run around in, is going to take some effort.
Most of the apps that come from iPhone to Mac are going to get expanded, altered and otherwise made better. There are bound to be some issues, but the current mobile App Store is pretty good about making updates. The only limiting factor is the amount of time and resources a developer can expend on fixing an app in order to get updates out quickly.
So this might be the first test to see how the same thing happens on Macs. Updates for iPhone apps can alternatively seem to take forever on some issues, where others get fixed relatively quickly, but always the actual update process for the app – downloading and fixing it – happens in a fast and easy way for the user. That, at least, is a big plus.
It’ll take the full rollout of the Mac App Store to see just how well Apple can handle the same process for desktop apps. But if the company gets a handle on making fast, effective changes to minor problems, the Mac app experience could get an early advantage of being headache-free. Take out most stress early from the process, and we might see Mac apps take off for Apple just as quickly as the phenomenon has on iPhone.
