Apple was told about Group FaceTime privacy bug more than a week before closing access

Posted:
in iOS edited January 29
Apple may have known about the Group FaceTime privacy bug a week before the company disabled the feature, with one Twitter user claiming to have informed Apple of the issue discovered by their child the previous Monday.

Apple's marketing image for Group FaceTime
Apple's marketing image for Group FaceTime


On Monday, it was revealed Apple had disabled access to Group FaceTime due to an "ongoing issue," with no timeline offered for the fix. Social media posts revealed a FaceTime bug that glitches the service and allows access to a third-party's microphone in a Group FaceTime call, even if they do not answer the call.

According to more posts on social media, it seems that Apple may have left Group FaceTime active for a week after being informed of the bug's existence. A Twitter user identified as "MGT7" has posted emails purportedly sent to Apple as proof of reporting the bug to the company.

One email, shown in an image and dated January 22, claims the user's teenage son had discovered the security flaw and that it had been disclosed to Apple, but with no response from the company on the matter. The email continued to offer details and a home video of the flaw following a discussion with an Apple employee.

Another image contained a similar message allegedly sent to Fox News on January 20 via Facebook, again referencing the submission of a bug report to Apple and asking if there is interest in the story. In a more recent message, the Twitter account also claims to have "letters, emails, tweets and messages" sent to Apple over a ten-day period over the bug.

While it is difficult to deduce if the reported communications took place from posts and screenshots, one tweet from January 21 mentions a "major security flaw," the bug report, and the discovery by the unidentified teenager. As it is currently not possible to edit a historical tweet on the service, this seemingly serves as a form of proof that the communication is genuine.

There are also other questionable elements to the account that suggest all may not be as straightforward as it seems. For example, one screenshot shows the email log as being in GMT rather than Mountain Time or another more appropriate timezone.

The age of the account is also questionable, as the first available post made from it was on January 1, discussing British knife bans. The overall usage of the account, including hashtags, image embeds, and other areas, also indicate the user has knowledge of how to use Twitter, and either all posts pre-2019 were wiped or the account is an alternative one for the user.

Apple is still working a permanent fix for the issue. The company shut down Group FaceTime as a temporary workaround on Monday night.
«1

Comments

  • Reply 1 of 27
    lkrupplkrupp Posts: 7,308member
    Okay, calm down AI. I would bet that Apple gets several hundred of these Tweets and emails a day from the public claiming to have found a major bug. I know that the Apple discussion forums are full of these kinds of posts and claims only to find out the person reporting it didn’t know what they were talking about or had a misunderstanding of how things actually work. So this 14 year old’s report was probably just one of thousands of reports from the public and Apple was somehow supposed to rifle through them all to see if any of them were legit? Apple didn’t immediately respond to the teenager’s report? No shit, Sherlock. Why would they? How many people would Apple have to dedicate to looking at every single report from the public about a possible bug or security flaw?

    So yeah, the bug is a really big one but to say Apple knew about it for a week before doing anything is just pure fantasy and negative narrative. 
    larryjwmagman1979johnfrombeyondeideardrandominternetpersonlollivermacxpresstokyojimu
  • Reply 2 of 27
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
  • Reply 3 of 27
    Mike WuertheleMike Wuerthele Posts: 4,872administrator
    lkrupp said:
    Okay, calm down AI. I would bet that Apple gets several hundred of these Tweets and emails a day from the public claiming to have found a major bug. I know that the Apple discussion forums are full of these kinds of posts and claims only to find out the person reporting it didn’t know what they were talking about or had a misunderstanding of how things actually work. So this 14 year old’s report was probably just one of thousands of reports from the public and Apple was somehow supposed to rifle through them all to see if any of them were legit? Apple didn’t immediately respond to the teenager’s report? No shit, Sherlock. Why would they? How many people would Apple have to dedicate to looking at every single report from the public about a possible bug or security flaw?

    So yeah, the bug is a really big one but to say Apple knew about it for a week before doing anything is just pure fantasy and negative narrative. 
    Or, you know, you could read the article.

    FTA: "While it is difficult to deduce if the reported communications took place from posts and screenshots, one tweet from January 21 mentions a "major security flaw," the bug report, and the discovery by the unidentified teenager. As it is currently not possible to edit a historical tweet on the service, this seemingly serves as a form of proof that the communication is genuine. 

    There are also other questionable elements to the account that suggest all may not be as straightforward as it seems. For example, one screenshot shows the email log as being in GMT rather than Mountain Time or another more appropriate timezone. 

    The age of the account is also questionable, as the first available post made from it was on January 1, discussing British knife bans. The overall usage of the account, including hashtags, image embeds, and other areas, also indicate the user has knowledge of how to use Twitter, and either all posts pre-2019 were wiped or the account is an alternative one for the user. "
    edited January 29 SolilkruppMplsPelijahg
  • Reply 4 of 27
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
    Under Tim Cook's tenure Apple has released Apple Watch, HomePod, AirPods, continued to evolution of the iPhone/iPad with Face ID, continued exclusive chips that are best in the business, Apple Music subscription service, and much much more.  His effectiveness as a CEO has almost been unparalleled, with a few obvious exceptions (Jobs himself being one).  Apple's security in its operating systems is still among the best. It's because it's among the best that when there is a flaw it's highlighted so much more than Microsoft or Google.  Under Jobs, Mac OS and iOS had security flaws, software issues, and a constant need to push out updates too.  The increasing ubiquitousness of Apple products are largely why more security flaws are being exposed, not that they were previously impervious.  
    mac_dogmagman1979StrangeDaysracerhomie3eideardpropodlolliver
  • Reply 5 of 27
    Is there really a standard turnaround time for taking major OS features offline after a bug report from a random member of the public? This article seems to imply that there is. So what is it? 4 days? 3? Less?
    edited January 29 rogifan_newjohnfrombeyondrandominternetperson
  • Reply 6 of 27
    mac_dogmac_dog Posts: 703member
    Is there really a standard turnaround time for taking major OS features offline after a bug report from a random member of the public? This article seems to imply that there is. So what is it? 4 days? 3? Less?
    Seconds—if you’re “tacoplenty.”
    randominternetpersonevn616
  • Reply 7 of 27
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
    If Steve Jobs were still alive, he would have shut the company down and imprisoned the entire engineering team in Siberia as soon as the first tweet about this bug was sent. Then he would've bought back every defective Apple product that had FaceTime installed, and thrown them into a volcano. Then he would have started an entirely new company where he would single-handedly invent, build and sell new game-changer tech gear on a bi-weekly basis. These mystical devices would be perfect, of course, and would sell by the hundreds of millions, instantly. 
    beowulfschmidtnetroxrogifan_neweideardloquiturtbornotDAalsethlollivermacxpressjungmark
  • Reply 8 of 27
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
    Delusional nonsense. 

    Where was the national outcry over Samsung’s android bug where it fired off stuff to random contacts? Didn’t happen. My point is bugs happen and will as long as software is coded by humans. That they get fixed and are supported for years is what matters. iOS is supported longer than the knockoff flagships. 
    edited January 29 racerhomie3eideardjmey267lolliverfastasleep
  • Reply 9 of 27
    magman1979magman1979 Posts: 1,136member
    AppleZulu said:
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
    If Steve Jobs were still alive, he would have shut the company down and imprisoned the entire engineering team in Siberia as soon as the first tweet about this bug was sent. Then he would've bought back every defective Apple product that had FaceTime installed, and thrown them into a volcano. Then he would have started an entirely new company where he would single-handedly invent, build and sell new game-changer tech gear on a bi-weekly basis. These mystical devices would be perfect, of course, and would sell by the hundreds of millions, instantly. 
    I will assume for the moment this was an over-the-top attempt at sarcasm, and you forgot to indicate this with a /s at the end...
    racerhomie3
  • Reply 10 of 27
    volcanvolcan Posts: 1,791member
    Apple often recruits talent from other companies when implementing new services, you know like people who have already proven that they have developed the same sort of technology. Maybe they couldn't get the right people this time from the likes of Skype, Google, Web Meeting or dozens of other platforms that have been around for quite some time with this feature.
  • Reply 11 of 27
    AppleZulu said:
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
    If Steve Jobs were still alive, he would have shut the company down and imprisoned the entire engineering team in Siberia as soon as the first tweet about this bug was sent. Then he would've bought back every defective Apple product that had FaceTime installed, and thrown them into a volcano. Then he would have started an entirely new company where he would single-handedly invent, build and sell new game-changer tech gear on a bi-weekly basis. These mystical devices would be perfect, of course, and would sell by the hundreds of millions, instantly. 
    I will assume for the moment this was an over-the-top attempt at sarcasm, and you forgot to indicate this with a /s at the end...
    Of course. Because jokes are always funnier when you announce that they are jokes and then explain their rhetorical structure.
    johnfrombeyondrandominternetpersonlolliverfastasleeptokyojimufocher
  • Reply 12 of 27
    lkrupplkrupp Posts: 7,308member
    lkrupp said:
    Okay, calm down AI. I would bet that Apple gets several hundred of these Tweets and emails a day from the public claiming to have found a major bug. I know that the Apple discussion forums are full of these kinds of posts and claims only to find out the person reporting it didn’t know what they were talking about or had a misunderstanding of how things actually work. So this 14 year old’s report was probably just one of thousands of reports from the public and Apple was somehow supposed to rifle through them all to see if any of them were legit? Apple didn’t immediately respond to the teenager’s report? No shit, Sherlock. Why would they? How many people would Apple have to dedicate to looking at every single report from the public about a possible bug or security flaw?

    So yeah, the bug is a really big one but to say Apple knew about it for a week before doing anything is just pure fantasy and negative narrative. 
    Or, you know, you could read the article.

    FTA: "While it is difficult to deduce if the reported communications took place from posts and screenshots, one tweet from January 21 mentions a "major security flaw," the bug report, and the discovery by the unidentified teenager. As it is currently not possible to edit a historical tweet on the service, this seemingly serves as a form of proof that the communication is genuine. 

    There are also other questionable elements to the account that suggest all may not be as straightforward as it seems. For example, one screenshot shows the email log as being in GMT rather than Mountain Time or another more appropriate timezone. 

    The age of the account is also questionable, as the first available post made from it was on January 1, discussing British knife bans. The overall usage of the account, including hashtags, image embeds, and other areas, also indicate the user has knowledge of how to use Twitter, and either all posts pre-2019 were wiped or the account is an alternative one for the user. “
    Then why is the headline “Apple was told... more than a week ago...” and not “allegedly told". And the mother now has a lawyer apparently. What’s that tell you? Words and the lack of words convey implications and the invitation to make conclusions. 
    edited January 29
  • Reply 13 of 27
    Leaving aside the fact that this is a major bug, the chain of events leading to the public forum "reveal"—via this single Twitter account with virtually no history and a recent creation date—smells like Qualcomm's already publicized intent to smear Apple. That doesn't relieve Apple of their responsibility, but it does cast aspersions on the veracity and actual intent of said account's version of events.
  • Reply 14 of 27
    Mike WuertheleMike Wuerthele Posts: 4,872administrator
    lkrupp said:
    lkrupp said:
    Okay, calm down AI. I would bet that Apple gets several hundred of these Tweets and emails a day from the public claiming to have found a major bug. I know that the Apple discussion forums are full of these kinds of posts and claims only to find out the person reporting it didn’t know what they were talking about or had a misunderstanding of how things actually work. So this 14 year old’s report was probably just one of thousands of reports from the public and Apple was somehow supposed to rifle through them all to see if any of them were legit? Apple didn’t immediately respond to the teenager’s report? No shit, Sherlock. Why would they? How many people would Apple have to dedicate to looking at every single report from the public about a possible bug or security flaw?

    So yeah, the bug is a really big one but to say Apple knew about it for a week before doing anything is just pure fantasy and negative narrative. 
    Or, you know, you could read the article.

    FTA: "While it is difficult to deduce if the reported communications took place from posts and screenshots, one tweet from January 21 mentions a "major security flaw," the bug report, and the discovery by the unidentified teenager. As it is currently not possible to edit a historical tweet on the service, this seemingly serves as a form of proof that the communication is genuine. 

    There are also other questionable elements to the account that suggest all may not be as straightforward as it seems. For example, one screenshot shows the email log as being in GMT rather than Mountain Time or another more appropriate timezone. 

    The age of the account is also questionable, as the first available post made from it was on January 1, discussing British knife bans. The overall usage of the account, including hashtags, image embeds, and other areas, also indicate the user has knowledge of how to use Twitter, and either all posts pre-2019 were wiped or the account is an alternative one for the user. “
    Then why is the headline “Apple was told... more than a week ago...” and not “allegedly told". And the mother now has a lawyer apparently. What’s that tell you? Words and the lack of words convey implications and the invitation to make conclusions. 
    Right, which is why you should read all of them. Apple was told, we've got the radar. We just have questions about this particular Twitter account.
    edited January 29 dws-2
  • Reply 15 of 27
    I’m thinking someone isn’t going to get paid for the bug bounty.  Ten days isn’t long enough... people don’t seem to get how complex the process is.  Even after extensive testing, bug fixes frequently break something else.  I’m sure Apple is more concerned about the previous patch that resulted in users getting “no service” on their cellular connection (at the moment).

    If I remember correctly, when Google reports a bug of Microsoft’s they wait 90 days before making it public. (Industry standard)

    My bet is whatever the bug bounty was, Fox News offered more...

    What to bet Fox News is on Apple’s shit list?


  • Reply 16 of 27
    SoliSoli Posts: 9,263member
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
    There were worse bugs when Jobs was CEO so should he have been fired?
    lolliver
  • Reply 17 of 27
    metrixmetrix Posts: 253member
    Apple is by no means a small company and it requires a chain of command to get things accomplished that become necessary in a large company. A battleship can not turn on a dime. Another way to look at it is a rush to make an immediate decision to rectify the situation may result in an even worse situation compounding the problem. All engines stop may not be the right answer. 
  • Reply 18 of 27
    A FaceTime security bug as big as this is "both tragic and hysterical" as explained by Amy in
  • Reply 19 of 27
    rob53rob53 Posts: 2,085member
    Couple weeks is a lot better than Microsoft’s typical couple years (or never) bug fixes. Of course anything Android could be fixed quickly but never implemented on 90+% of mobile devices so I’m fine with a couple weeks. 
  • Reply 20 of 27
    MplsPMplsP Posts: 1,654member
    Soli said:
    Apple has become a turgid bueocracy under Tim Cook.
    Fire him.
    There were worse bugs when Jobs was CEO so should he have been fired?
    Oh, no. Everything was perfect when Steve was around. 
Sign In or Register to comment.