Apple recently face lot of fire due to one of the biggest bugs discovered in iOS. The bug, spotted in Group FaceTime video calling, allowed callers to eavesdrop others without them picking up the call. Although that has been fixed with the recent iOS 12.1.4 version, a new one has been spotted that also has Instagram’s involvement in it.
Reported by 9to5Mac, the flaw came as a part of Exposure, a third-party utility app that was being used by Apple for the ‘Shot on iPhone’ campaign. The Exposure app helps brands (Apple in this case) to connect with Instagram users and getting the licence to use their images for marketing (‘Shot on iPhone’ campaign in this case).
Once Apple selects an image for marketing, it uses Exposure to speed up the licensing process. Exposure then sends the Instagram user a form to fill, asking for his/her contact details and other copyright details for the photo. The flaw, however, made these personal details accessible by anyone.


Apple adds two-factor authentication requirement for developer accountsIn a bid to secure developer accounts from hackers, Apple has added the requirement of a two-factor authentication (2FA) protocol for all app makers that would protect their Apple IDs.

What's at stake?The report says that this flaw gave out the email IDs of iOS users who shot images using an iPhone and filled out the forms by Exposure, which was used by Apple. In addition, the flaw gave some metadata details on the image as well.

Although this seems like a minor threat, it still is giving out iOS users’ personal details out in the open. But it won’t happen anymore as Apple has reportedly stopped using Exposure after being alerted about this flaw.

Exposure accepts the flaw

Ingnite, the parent company of Exposure also gave a statement. “At 10:29 a.m. ET on February 13, 2019, Chute became aware that individuals who made it through the full submission and rights approval process may have had information potentially exposed to others. This potential issue was limited to a small fraction of all such users who have posted their images to Apple for consideration. After immediately investigating the issue, Chute shut down the relevant part of the application at 11:32 a.m. ET on February 13, 2019, containing the issue. The problem identified was in the Chute solution and is not part of any of Apple’s software or systems,” said the firm in a statement to 9to5Mac. The firm claims that no user data has been compromised until now.

Source: gadgetsnow.com