iPhone Srbija Servis, Beograd Kosovska 28
Results 1 to 8 of 8

Thread: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

  1. #1
    Administrator zabrljanje's Avatar
    Join Date
    Jul 2011
    Location
    Beograd
    Posts
    20,586
    Thanks
    1,024
    Thanked 9,596 Times in 6,435 Posts

    Default Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Pre nekoliko dana se digla prasina oko propusta u okviru FaceTime servisa.

    Ova greska omogucava da kad pozovete nekog u okviru Group FaceTime, i nakon toga dodate vas broj kao jos jednog sagovornika, cujete sve sto dolazi do mikrofona telefona koji ste pozvali iako se sagovornik nije javio na telefon.


    Ovo je moguce izvesti nevezano da li pozivate nekog na iPhone ili Mac.


    Opis:

    Pozovete nekog preko FaceTime, swipe odozdo na vise, dodate vas broj telefona, preko add person, kao jos jednog ucesnika u razgovoru i od tad ste u prilici da cujete sve sto dolazi do mikrofona telefona koji ste pozvali, iako se niko jos nije javio na telefon i prihvatio poziv.
    Ako osoba koju ste pozvali, pritisne Power dugme u okviru Lock Screen-a, dobijate i video.



    Ovo je prijavljeno Apple-u jos 20. januara ali, ocigledno, niko to nije procitao i prosledio gde treba.

    Tema na Reddit sajtu

    A person reported the Group FaceTime exploit to Apple, 9 days ago



    MGT7
    @MGT7500

    My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff! #apple#bugreport@foxnews
    https://twitter.com/MGT7500/status/1087171594756083713



    I reported the bug there after registering as a developer (even though I’m not, I was told I could) and also emailed product-security@apple directly.
    https://twitter.com/MGT7500/status/1090163397788745728



    Cak je 23. januara, video prosledjen Apple-u


    VIDEO: Here is a video, recorded & sent to Apple by a 14 yr old & his mom, on JAN 23rd, alerting them to the dangerous #FaceTime bug, that has threatened the privacy of millions. I've removed sensitive / private info on behalf of the mother (an attorney), whom I just spoke to.
    https://twitter.com/BEASTMODE/status...98850764644352


    Ovaj bag je prvo objavljen na 9to5Mac.




    Nakon toga, Apple je napokon privremeno onemogucio ovaj servis, sto mozete da vidite i na System status strani







    https://www.apple.com/support/systemstatus/

  2. #2
    Administrator zabrljanje's Avatar
    Join Date
    Jul 2011
    Location
    Beograd
    Posts
    20,586
    Thanks
    1,024
    Thanked 9,596 Times in 6,435 Posts

    Default Re: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Apple je danas dao izjavu vezano za ovaj bug


    We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.

    We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.

    Ipak ce update iOS-a da saceka narednu nedelju, uprkos prvobitnim najavama da ce tokom ove nedelje da izadje update sa ispravkama.

    Za sad ostaje serverski blokiran Group FaceTime i nikom vise na taj nacin nije ugrozena privatnost.

    Ono sto je uocljivo i sustinski sporo: "as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix"


    Izgleda da niko nije obratio paznju na mail-ove, sve sa video prikazom, koje je porodica Thompson poslala na vise Apple-ovih adresa. Cak je proslo nekoliko sati od detaljnog prikaza greske, koju je predstavio 9to5mac, do Apple-ovog blokiranja servera.

    Izgleda da je update sa ispravkama namerno odlozen zato sto vise nije moguce iskoristiti gresku, koja je serverski blokirana, a samim tim ispravke mogu da ubace u, vec ranije, isplaniran raspored pustanja update-ova.


    Deo teksta sa 9to5mac



    EDIT: Prema ovom, Group FaceTime ce uvek biti onemogucen na iOS 12.1-12.1.3.

    Macrumors

  3. #3
    Administrator zabrljanje's Avatar
    Join Date
    Jul 2011
    Location
    Beograd
    Posts
    20,586
    Thanks
    1,024
    Thanked 9,596 Times in 6,435 Posts

    Default Re: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Decak Grant Thompson, cetrnaestogidisnjak, je kandidat za nagradu u okviru Apple-ovog bug bounty programa.

    CNBC je preneo vest da je visoko funkcioner posetio porodicu Thompson

    A high-level executive with Apple thanked us in person and also asked for our feedback, asked us how they could improve their reporting process.

    They also indicated that Grant would be eligible for the bug bounty program. And we would hear from their security team the following week in terms of what that meant.
    https://www.idownloadblog.com/2019/0...le-bug-bounty/

  4. #4
    Administrator zabrljanje's Avatar
    Join Date
    Jul 2011
    Location
    Beograd
    Posts
    20,586
    Thanks
    1,024
    Thanked 9,596 Times in 6,435 Posts

    Default Re: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Ovaj bug, kao i Live Photos bug, u okviru Group FaceTime, koji je naknadno otkrio Apple, je ispravljen na iOS 12.1.4 i macOS 10.14.3.

    Grant Thompson, koji ga je i otkrio, dobija nagradu koja ce biti usmerena ka njegovom daljem obrazovanju.





  5. #5
    iPhoneBigFan
    Join Date
    Feb 2018
    Location
    BG
    Age
    38
    Posts
    161
    Thanks
    46
    Thanked 24 Times in 18 Posts

    Default Re: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Pa vi posle koristite FT...
    Ko zna od kada taj bug čuči u kodu.
    iPhone 7/iOS 10.1.1/yalu , iPad 2017/iOS 10.3.2

  6. #6
    iModerator bbrks's Avatar
    Join Date
    Jan 2012
    Posts
    11,851
    Thanks
    2,158
    Thanked 4,039 Times in 2,553 Posts

    Default Re: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Izvini, a sta to imas protiv FTa...... vrhunski gadget ....jeste zalosno sto su otkrili bug, ali eto opravise ga. Idemo dalje....

  7. The Following User Says Thank You to bbrks For This Useful Post:

    technobuba (09-02-2019)

  8. #7
    Administrator zabrljanje's Avatar
    Join Date
    Jul 2011
    Location
    Beograd
    Posts
    20,586
    Thanks
    1,024
    Thanked 9,596 Times in 6,435 Posts

    Default Re: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Ovo se odnosi na Group FaceTime i tacno se zna od kad cuci, a to je od iOS 12.1, kad je i omogucen.

    Ionako je za njih sad serverski zabranjen a FaceTime je zakon u odnosu na ostale usluge tog tipa. Pogotovo uz vise Apple uredjaja.

  9. #8
    iSrbijaHero technobuba's Avatar
    Join Date
    May 2010
    Age
    41
    Posts
    1,419
    Thanks
    670
    Thanked 358 Times in 230 Posts

    Default Re: Group FaceTime bug omogucava da sve cujete bez javljanja sagovornika

    Zamisli sta tek chuchi kod Viber i slicnih app! Zlo jedno od aplikacije kao i Whatsap, FB Messenger... zivio FT svakodnevno ga koristim i za mene nema boljeg!
    The positive the negative, the child the moon... This is only a test

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •