Macworld Germany has described what they're calling a security hole in the FaceTime for Mac beta (Google translation). The gist is this: once a user has logged into FaceTime for the Mac, his/her Apple ID and password can be altered from the app by anyone with access to the computer while FaceTime is running.
Let that sink in for a second.
If you were to log into FaceTime for Mac and then abandon your computer with everything running and no concern for who has access to it and for how long, there's a possibility that a n'er-do-well could sit down in your empty but still warm chair and engage in a scandulous conversation with your poor Aunt Shirley (who undoubtedly is wondering why you'd be dumb enough to walk away from your operational Mac in public) before changing your password and making several pricey purchases in iTunes.
In related security news, cash registers left unattended with their drawers open are likely to be robbed and cars left running with the doors unlocked are likey to be stolen. As Ars notes, "...whoever happens to be sitting at the computer can change the associated account password."
In the interest of our readers' safety, here are a few steps we suggest you take:
- Don't go to the bathroom while FaceTime is running on your Mac at Starbucks. Hell, don't leave your Mac on a table at Starbucks no matter what it's doing.
- Don't run FaceTime on a public computer.
- If the "office prankster" asks to use your FaceTime account to make a call, SAY NO.
- Think. Physical access is total access.