The FaceTime for Mac beta has been giving us tonnes of fun (take a look at this morning’s FaceTime calls ElectricPig experiment) but there’s a rather perturbing iTunes security flaw. Macworld Germany flagged up the issue which means someone with physical access to your computer could change your iTunes password and go on a spending spree…
Patrick Wood notices that once a Mac is set up with FaceTime for Mac, the iTunes password associated with it can be changed without reentering the current password. That means someone passing by could easily switch your password and take over your iTunes account along with the ability to splurge on the best iPhone apps, music, TV and films.
The FaceTime for Mac app includes a setting in the View Account menu and simply enter a new password. It has to match the rules for iTunes passwords but you can enter it without the knowledge of the account owner if you can get at their computer. You can sign out of your iTunes account in FaceTime for Mac but the beta automatically saves your password. Click sign in and you can still alter the password.
We’re sure this is a temporary issue that Apple will solve imminently but it does seem sloppy. In the meantime, keep an eye on your computer and make sure no one else gets their hands on it to mess with your iTunes password. And let us know: are you surprised that Apple has failed to avoid this fairly obvious security flaw in FaceTime for Mac?
We certainly don’t want people changing our iTunes password when we invite them over to look at our new Macbook Air.
Out now | £free | Apple (via MacWorld Germany)
