Apple Was Notified About Major FaceTime Eavesdropping Bug Over a Week Ago

An anonymous reader writes: Twitter user MGT7500 tagged the official Apple Support account in a January 20 tweet claiming that her 14-year-old son discovered a "major security flaw" that allowed him to "listen in to your iPhone/iPad without your approval." The user also tagged Tim Cook on the issue in a follow-up tweet on January 21."

Once the bug started making headlines on Monday, the Twitter user then shared additional tweets claiming that they had also emailed Apple's product security team over a week ago. A screenshot of the email was shared, and it appears the team did respond, but what they said is not visible in the screenshot. [...] All in all, there is evidence that Apple Support was tagged about an eavesdropping bug eight days before it made headlines, and if the rest of the tweets are truthful, the company was also alerted about the bug via several other avenues. The original story has been updated to include another example of a user -- John Meyer -- who has shared a video about the FaceTime bug that he says was recorded and sent to Apple on January 23.

Re:

[bobbied]

Bug or feature for law enforcement etc.?

This is Apple. Remember their refusal to help unlock the phone of the guy who shot up the staff Christmas party in California awhile back? Yea, they don't seem to be the type to do what ever law enforcement asks.

Therefore, I'm guessing this is a "bug" and not a planned feature. But, it's just a guess.

Re:

[ZenShadow]

That's just what they want you to think...

Re:

[drinkypoo]

This is Apple. Remember their refusal to help unlock the phone of the guy who shot up the staff Christmas party in California awhile back? Yea, they don't seem to be the type to do what ever law enforcement asks.

That's what the press releases say, so it must be true!

Re:

[bobbied]

So, if the press coverage all disagrees with your version of events, Just ignore it and go with your version? Even when there are legal rulings and transcripts that support the news reporting?

Why bother complaining about Fake News when we have stuff like this..

Re:

[drinkypoo]

"Even when there are legal rulings and transcripts that support the news reporting?"

A transcript can contain lies, that's literally what corporate lawyers and PR flacks are for. A court can be misled. Until the OS is OSS, you can't even begin to trust it. And all the important bits are closed. You can trust on faith if you want to, but I expect verification. That's why I'm not religious about god OR security.

Re:

[bobbied]

So, you believe the moon landings where a hoax and Elvis is still alive, living as a dishwasher at Mel's diner in Backwater Mississippi... Let me guess, you know where Jimmy Hoffa is too. OK.. I get it. Facts don't matter all that much to you.. (sarc off)

Re: Bug or Feature

[dougdonovan]

apple should hire the 14 year old under the table then he could retire by the time he is 40ish.

eMail response

[Anonymous Coward]

Take a pick:

1) No
2) your security is important to us, here is a link to our FAQ
3) You're wrong, Apple does not have bugs.

Re:

[Aighearach]

My experience, regardless of company, is all three of those at the same time, but using confused wording.

Re:

[zifn4b]

Studies show obfuscation of the truth is good for company reputations

Tagging? lol

[Spy Handler]

Does Tim Cook actually monitor Twitter and look for posts with a #TIMCOOK tag and then read them?

Since anyone with an ounce of brain will realize the answer is a big fat NO, shouldn't it also be obvious that tagging a Twitter post with someone's name is completely worthless, and that if you wanna report a fucking bug, you should go to that company's bug reporting website and do it there? Apple has one, it took me all of 2 seconds to Google for it: https://bugreport.apple.com/ [apple.com]

Actually it should be obvious t

Re:Tagging? lol

[darkain]

At least RTFS....

"they had also emailed Apple's product security team over a week ago."

Re: Tagging? lol

[Anonymous Coward]

They tagged the cook account, the support twitter and emailed the security team.

What more did you expect them to do? Provide blow jobs?

Re:

[Highdude702]

Would probably accelerate the process a bit. Or some process at least.

Re:

[bobbied]

Wouldn't that be @timcook?

I'd be wiling to bet that Apple monitors a number of hash tags related to it's business on Twitter. So you may not get Tim Cook's direct attention, but somebody at Apple is likely scanning for such tags, even if it's just Siri's mainframe based cousin who pays any attention.

Re:

[cyn1c77]

Does Tim Cook actually monitor Twitter and look for posts with a #TIMCOOK tag and then read them?

Since anyone with an ounce of brain will realize the answer is a big fat NO, shouldn't it also be obvious that tagging a Twitter post with someone's name is completely worthless, and that if you wanna report a fucking bug, you should go to that company's bug reporting website and do it there? Apple has one, it took me all of 2 seconds to Google for it: https://bugreport.apple.com/ [apple.com]

Actually it should be obvious to people by now that Twitter itself is completely worthless. Just let it die, please?

Well, maybe he should. It might be good for him to get his head out of his ass, I mean reality distortion field, and see what is actually going on with his products.

Especially since both the official Apple Support account and product security teams take longer than a week to respond... which basically is non-responsive on a bug of this magnitude.

Re:

[drinkypoo]

Does Tim Cook actually monitor Twitter and look for posts with a #TIMCOOK tag and then read them?

No, but if his staff doesn't, Apple is failing at social media. What year is it?

you are holding it wrong!

[kiviQr]

...you need to cover mic and camera with thumb and index finger!

Radio silence

[mrobinso]

It's obvious that radio silence is the sole MO for large corporate entities, especially the popular / well-known ones. Saying nothing is not the same as denying, and won't be until government bodies start prosecuting it that way.

And sure, Twitter is mostly worthless, but at least they don't make a living and pay high dividends to the 1%'ers by selling way over-priced offshore-made proprietary whatchamacallits.

Do you want it fixed right or not?

[SuperKendall]

Even reporting to the security team as it was, would probably take a day or so to verify, and then someone can be assigned to fix...

But let's be realistic, a fix for this is not something that would just take overnight - or not something you would want them to rush. I mean, do you want it fixed right or do you want some new bug introduced?

Clearly...

[Vegan Cyclist]

...Apple was holding their phone wrong when the email came in.

Already patched (just spoke to Apple's people)

[Anonymous Coward]

Already patched (just spoke to Apple's people - DIRECTLY - & the ones doing the patchwork whom I know (my nephew practically "runs the show" in that very dept. for them for 6++ yrs. now so I get a 'direct line'...)).

Currently - He's on their "tiger teams" now though but is aware it is patched (not many of you will KNOW what a 'tiger team' is but you have to be REALLY GOOD to be on one). I'm proud of his achievements in fact, especially THAT one.

* Soooo, "Move along folks - nothing to see here" & I n

"What happens on your iPhone stays on your iPhone"

[tttonyyy]

No tech company can truly know, for sure, that their product is secure. Shouting this from the rooftops (in this case, pretty much literally) was only ever going to end one way.

https://www.independent.co.uk/... [independent.co.uk]

Pride comes before a fall and all that!

Re:

[ElitistWhiner]

Two days later...

iCloud bug ‘let ANYONE read your private iPhone notes’ – and was ‘kept a secret’, security expert claims.

THIS is not validated nor verified yet, but if not FAKE news - TIM COOK's name is all over it.