Apple temporarily fixes FaceTime security vulnerability

In the wake of privacy concerns, Apple has moved to fix its recently released FaceTime application for the Mac to block access to a potential security hole.

The FaceTime Account pane as it originally appeared (left) and after Apple's "fix" (right).

The flaw resided in the fact that anybody with access to the computer on which FaceTime was installed could change the password to the related Apple ID without knowing the current password. When launched, FaceTime automatically logs you into the associated account; from there, going to the app’s Preferences pane, clicking on your account, and then clicking View Account would allow you to enter a new password and confirm it without ever having to enter the current password.

While the FaceTime application itself has not been updated, Apple has blocked access to that account information—currently, clicking on the View Account link will take you to an empty page before bouncing you back to the previous page.

Of course, this is hardly a permanent fix for the security hole, since presumably people will eventually want to access their account details from inside the app, but it should at least block any nefarious pranksters or snoopers in your home or your office for the time being.

Shop ▾
arrow up Amazon Shop buttons are programmatically attached to all reviews, regardless of products' final review scores. Our parent company, IDG, receives advertisement revenue for shopping activity generated by the links. Because the buttons are attached programmatically, they should not be interpreted as editorial endorsements.

Subscribe to the Best of Macworld Newsletter