
Hardware 2.0

Adrian Kingsley-Hughes

FaceTime for Mac beta exposes iTunes account information

By Adrian Kingsley-Hughes | October 21, 2010, 11:42am PDT

A word of warning to any of you who have downloaded and installed the FaceTime for Mac beta - the software allows anyone with access to the system to make iTunes account changes without entering a password. 

According to Macworld Germany, installing the beta allows anyone with physical access to the system to change the iTunes password without first entering the old password. Other sensitive account information, such as the user’s name, date of birth and the answer to the security question, is also displayed. The article adds that MobileMe passwords associated with FaceTime accounts can be compromised the same way.

Signing out of FaceTime doesn’t help either because the password is cached, so all someone would need to do is hit the “sign in” button to get access.

Pretty sloppy code if you ask me.


Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

11 Comments

Well that is why it is beta...
Snooki_smoosh_smoosh 21st Oct 2010
Better caught now, than in an RTM.

Also not a huge deal, as you need physical access to the machine.
0 Votes
And that's why they call it a beta...
doctorSpoc 21st Oct 2010
Because it's unfinished, use at your own risk code.. thought everyone knew that.
0 Votes
I agree that it is sloppy code
bobiroc 21st Oct 2010
but it is a beta and if it is like any other betas that I have tried it always states that this is to be used by someone with at least decent knowledge of computers and to be used at your own risk. Since it went live yesterday I think this was caught rather quickly so that is good. Hopefully a quick patch will address that.
0 Votes
@bobiroc

This was pretty much nullified as soon as announced. No action required to immediately mitigate, done on Apple's side already. If you go to the scene of the information previously, now populated blank. Glad the first couple of remarks were to remind people that this is in fact a beta application and not for the unprepared.
0 Votes
Glad I don't use OS X on my Mac!
0 Votes
totally secure when I have physical access to a logged in account.
Since FaceTime is only available for OS X, only iTunes accounts of OS X users are at risk of being hijacked using this attack.

Nothing you can do or say or scream or spit or cry or whine will ever change that fact. happy happy happy
@frgough

If you have physical access to an account on any computer OS you can do some damage. It doesn't take much to crack a password using utilities if you can physically touch a computer using the security native to an OS. Sorry but it's true. I am sure Apple will fix this but it just shows that any OS or software can be insecure if someone wants to take the time to exploit it.
0 Votes
@bobiroc
I'm pretty sure you just repeated the point frgough was making.
0 Votes
While Apple is breaking records in their financials,
Snooki_smoosh_smoosh Updated - 22nd Oct 2010
@NonZealot... Windows is getting a record breaking # of exploits.

http://www.zdnet.com.au/microsoft-to-patch-record-number-of-holes-339306466.htm

So I wouldn't be tooting that horn too loudly. And nothing you can do or say or scream or spit or cry or whine will ever change that fact. wink wink wink
0 Votes
3 days later
ShamooToo 24th Oct 2010
Why has this article (which was relevant at the time) been on ZDNet's front page and this article without an update? No disrespect to the author. Respect as this was relevant at the time, but it's been three days now and while it was relevant is now sort of lingering a bit like FUD and less like a PSA. ZDNet - what's up? Nothing else of interest pro/con Apple to get attention?
