FaceTime for Mac – a serious threat for your Apple ID
While many users are happy about having FaceTime on their Mac, we are a little anxious about some security glitches present in the current beta of the software. With a few clicks others can make use of the user’s Apple ID and reset the password with ease.
We started having a closer look at the settings when Gernot pointed us at some issues: Once you’ve logged into FaceTime you can have a look at all the account settings of the used Apple ID. Username, ID, place and birth date are shown as well as the security question and the answer to it – in plain text, without another password request. To reset the password to an Apple ID, all you need it the exact birth date and the answer to the security question – we tried that out for you, and it worked fine.
Even without the plain text answer the password reset itself is a little akward – closer friends and families usually know answers to the standard questions, such as favourite number or certain names. Unfortunately there’s no way to deactivite the security question password reset.
Another issue happens while logging out: When you choose “Log Out” from the top menu, the password remains in the password field, even when restarting the application. That shouldn’t be the case tho: Applications should remove passwords from the password field as soon as the application is closed.
Our tip: Either don’t use FaceTime at all or make sure your computer is save – set a master password and never leave your machine open and running in a public place. Otherwise you might get an unusual surprise at some point.
Update 22 Oct 10am: Apple has fixed the flaw. When you open the menu now you can’t see the account data anymore and the menu jumps back.