Apple fixes FaceTime “security flaw” server-side
Along with Apple’s FaceTime beta release came a new iTunes Store account security flaw. While people were poking around in the app, they noticed that they could easily access their iTunes Store accounts right from the app. In doing so, they were able to update their account settings without re-entering the iTunes Store password. To make matters worse, the application automatically saves your username and password even if you sign out — as demonstrated in the Gallery of pictures attached to this post.
While the original intention of this post was to show you a quick fix through the removal of a .plist, it seems Apple has beaten me to the quick fix punch. First, the easy… yet annoying fix:
Go to your User Folder / Library / Preferences (~/Library/Preferences) and delete com.apple.FaceTime.plist
That will reset the settings for the app and clear out your password. If you’re like me, you probably played with this app as soon as possible. This meant that I installed FaceTime and signed into my iTunes Store account on a friend’s machine so I could test it out. I obviously didn’t want to leave them with access to my stuff so I immediately went to remove the .plist. So that’s one fix, but guess what Apple did to fix the issue…
They blocked FaceTime access to the iTunes Store servers completely. If you go into FaceTime preferences and click Account, you’ll see two options available: Change Location and View Account. Go ahead, click View Account. The next page will attempt to load but immediately bounce you back to the Account preferences panel. It’s a sneaky workaround to a potentially serious security flaw. I’m actually impressed that Apple knocked that out so quickly. Here’s betting that we’ll see an updated version of FaceTime sooner rather than later.
Special thanks go to Christopher Nice for additional verification.
