FaceTime for Mac beta exposes iTunes account information

A word of warning to any of you who have downloaded and installed the FaceTime for Mac beta - the software allows anyone with access to the system to make iTunes account changes without entering a password.

A word of warning to any of you who have downloaded and installed the FaceTime for Mac beta - the software allows anyone with access to the system to make iTunes account changes without entering a password. 

According to Macworld Germany, installing the beta allows anyone with physical access to the system to change the iTunes password without first entering the old password. Other sensitive account information such as the user's name, date of birth and the answer to the security question are also displayed. The article also mentions that MobileMe passwords associated with FaceTime accounts can also be compromised this way.

Signing out of FaceTime doesn't help either because the password is cached, so all someone would need to do was hit the "sign in" button to get access.

Pretty sloppy code if you ask me.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All