How Apple's 'mistake' exposed iPhone users' personal details

Update: 2019-02-16 14:59 IST

Recently Apple faced a lot of criticism due to one of the biggest bugs noticed in iOS. The bug, spotted in Group FaceTime video calling, allowed callers to eavesdrop others without them answering the call. Even though that has been fixed with the recent iOS 12.1.4 version, a new one has been discovered that also has Instagram’s involvement in it. 

The flaw came as a part of Exposure, a third-party utility app that was being used by Apple for the ‘Shot on iPhone’ campaign. The Exposure app helps brands to connect with Instagram users and getting the license to use their images for marketing, in this case, the one that is ‘Shot on iPhone’ campaign. 

Once an image is selected for marketing by Apple, to speed up the licensing process, it uses Exposure. Exposure then sends a form to fill to the Instagram user, asking for his/her contact details and other copyright details for the photograph. However, the flaw has made these personal details accessible by anyone. 

In a proposal to secure developer accounts from the hackers, Apple has added the obligation of two-factor authentication (2FA) protocol for all app makers to protect their Apple IDs.

What's at stake?

According to the report, this flaw gave out the email IDs of iOS users who shot images using an iPhone device and filled out the forms using Exposure, which was used by Apple. In addition, the flaw also gave some metadata details on the image.

Even though this looks like a minor threat, it still is leaking out iOS users’ personal details openly. It won’t continue anymore as Apple has stopped using Exposure after being alerted about this flaw.

Exposure accepts the flaw

Ingnite, the parent company of Exposure also gave a statement. “At 10:29 a.m. ET on February 13, 2019, Chute became aware that individuals who made it through the full submission and rights approval process may have had information potentially exposed to others.

This potential issue was limited to a small fraction of all such users who have posted their images to Apple for consideration. After immediately investigating the issue, Chute shut down the relevant part of the application at 11:32 a.m. ET on February 13, 2019, containing the issue.

The problem identified was in the Chute solution and is not part of any of Apple’s software or systems,” said the firm in a statement. The firm claims no user data has been compromised until now. 

Tags:    

Similar News