Apple have recently announced FaceTime for the Apple Mac, and with it has come a few problems, especially ones that allow users to make changes to their iTunes account without the need to enter a secure password to do so.
The vulnerability was discovered in a Macworld Germany post, that stated once the application was installed, the corresponding iTunes account would be open to a free password change without the need for entering an old password first. Schoolboy error Apple, schoolboy error.
Although this is a beta, and things like this happen you would have though that this kind of flaw would have been discovered and patched in previous versions. Surely rule number one when developing a program like this would to make it secure. Unfortunatly, it just looks like this was overlooked.
Whats more, if a computer is logged into FaceTime, account settings will display all of the user’s associated data such as birthday, security question and get this — the answer to the security question.
This also means that if a user was to log out of the program, another person could easily log in to the account that had been on last (because the password is cached) and take a look at all the sensitive information from there.
Is there anymore security issues that Apple should know about FaceTime?
Source: The Register
Also See: iTunes 12.0.1 update release notes