FaceTime For Mac Opens A Giant Apple ID Security Hole
FaceTime for Mac was released recently with some gaping security holes. Macworld Germany noted that once a user logged into FaceTime for Mac with his or her Apple ID, the password on the account can be changed from FaceTime without knowledge of the old password, leaving the account ripe for the picking by any passerby of the actual computer. The sabotage of an Apple ID is as easy as navigating through FaceTime’s preference menu to the “View account” page. Once there, whoever happens to be sitting at the computer can change the associated account password.
As long as the password satisfies all the security rules, the change instantly applies across the Apple ID account. For example changing the password in FaceTime will not let users delete the only e-mail address associated with the account, so basically if you have already signed up, you are stuck. If your account is hi-jacked, the worst-case scenario is that the person will go on an iTunes shopping spree with YOUR money. If you are wise to the password change, you can flip the password back just as easily. You still might want to maintain constant vigilance until Apple releases some hotfix though. Stay tuned for more news and info on the topic by following us on Twitter and/or subscribing to our RSS feed.
Source: Macworld Germany