• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Jailbroken Apple TV 2 Bug Lets User Access Stranger's Photostream Via MobileMe Account


    ModMyi user Brandyn Baker ran into an interesting Apple TV glitch that allows him to view a complete strangers photo stream.

    Baker has his Apple TV 2 (firmware 4.4.4) Jailbroken using Seas0nPass like many of you. However, while attempting to sync his Mobile Me account he accidentally entered the wrong email address.

    The thing is, the wrong one was someone else's and I can see all their pictures from photo stream! I tried it with some other original names and it worked again...
    After numerous google searches I wasn’t able to find a topic or thread about this specific bug. A number of complaints surfaced from users unable to sync their MobileMe accounts with Apple TV, but none accidentally happened across someone else’s account entirely.

    Apple has yet to respond to our emails regarding the bug.

    Any other MMi members out there experience this bug? Has anyone been in contact with Apple about it?

    Source: Brandyn Baker
    This article was originally published in forum thread: Jailbroken Apple TV 2 Bug Lets User Access Stranger's Photostream Via MobileMe Account started by Phillip Swanson View original post
    Comments 20 Comments
    1. trialnterror's Avatar
      trialnterror -
      Wow
    1. szr's Avatar
      szr -
      I assume this only allows one to view photos, but not actually edit anything.
    1. havoc0351's Avatar
      havoc0351 -
      Quote Originally Posted by szr View Post
      I assume this only allows one to view photos, but not actually edit anything.
      I sure hope so. This is one hell of a bug. I hope no one has any "private" pictures on their photo stream...
    1. kuhndsn's Avatar
      kuhndsn -
      Phillip Swanson 06:47 PM Today
      "Apple has yet to respond to our emails regarding the bug".

      Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

      No prob with mine. However, my apple tv is not Jailbroken
    1. Phillip Swanson's Avatar
      Phillip Swanson -
      Quote Originally Posted by kuhndsn View Post
      Phillip Swanson 06:47 PM Today
      "Apple has yet to respond to our emails regarding the bug".

      Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

      No prob with mine. However, my apple tv is not Jailbroken
      Thats the issue though, is this a bug because of the jailbreak or simply a MobileMe Apple TV bug. Most likely it is because of the jailbreak, but it still begs clarification.
    1. Gaijinboy's Avatar
      Gaijinboy -
      Quote Originally Posted by kuhndsn View Post
      Phillip Swanson 06:47 PM Today
      "Apple has yet to respond to our emails regarding the bug".

      Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

      No prob with mine. However, my apple tv is not Jailbroken
      It's Apple's responsibility to protect personal iCloud info, whether it's from JB'd devices. UnJB'd devices, or anywhere really.
    1. Captinsmooth's Avatar
      Captinsmooth -
      I think apple won't respond because its obvious the jailbreak is the cause of this breach. I also think its very irresponsible to be reporting this huge security flaw at modmyi, that's obviously due to the jail break. Its great, now people have to worry about there photo stream being accessed. What happen to Modmyi? There use to be a interest in protecting users, now its what ever news you can break.....
    1. msb2011's Avatar
      msb2011 -
      Quote Originally Posted by kuhndsn View Post
      Phillip Swanson 06:47 PM Today
      "Apple has yet to respond to our emails regarding the bug".

      Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

      No prob with mine. However, my apple tv is not Jailbroken
      Why wouldnt they respond. They must i mean regardless of jailbreak no body should be able to acess someone else mobile me account. This is a huge security flow with apple.

      Quote Originally Posted by Captinsmooth View Post
      I think apple won't respond because its obvious the jailbreak is the cause of this breach. I also think its very irresponsible to be reporting this huge security flaw at modmyi, that's obviously due to the jail break. Its great, now people have to worry about there photo stream being accessed. What happen to Modmyi? There use to be a interest in protecting users, now its what ever news you can break.....
      This is protecting users. Now we know what do at least for short term so that some junky out there cant acess our private pics.
    1. Agent929's Avatar
      Agent929 -
      Quote Originally Posted by kuhndsn View Post

      Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing
      That's bull. A security issue is still a security issue. If my information can be pulled onto somebody elses account, I would be pissed. It doesn't matter how they got it, Apple is suppose to secure my stuff.



      Mr. Swanson....geez I really wouldn't have put that up there until the bug got fixed. Don't you think that will get users starting to try this? Which I may add is illegal??
    1. luvmytj's Avatar
      luvmytj -
      Quote Originally Posted by Captinsmooth View Post
      I think apple won't respond because its obvious the jailbreak is the cause of this breach. I also think its very irresponsible to be reporting this huge security flaw at modmyi, that's obviously due to the jail break. Its great, now people have to worry about there photo stream being accessed. What happen to Modmyi? There use to be a interest in protecting users, now its what ever news you can break.....
      Yeah, I gotta agree with you. Ya know everyone is on their jailbroken ATV's entering random emails now...
    1. brandyn baker's Avatar
      brandyn baker -
      i forgot to add that some of them had locked albums so ther IS a way to secure your pictures. and to the person that said its becuase i was jailbroken is wrong! i could do this without the jailbreak as well... so dont jump to conclusions bro!

      you cant edit anything and if the user has a lock on the album you need the password, so there is a way to further protect yourself!

      you cant acces them if your album has a password for the album!
    1. Lamppost's Avatar
      Lamppost -
      Unless I'm missing something this is not a bug at all!
      From the video it looks like all that's happening is viewing another user's public MobileMe galleries.
      You can do this out of the box on an AppleTV, or on an iOS device using Apple's own Gallery app! So not so much a bug as an deliberate feature.
      An nothing to do with iCloud's photostream.
    1. Delerowen's Avatar
      Delerowen -
      Quote Originally Posted by Lamppost View Post
      Unless I'm missing something this is not a bug at all!
      From the video it looks like all that's happening is viewing another user's public MobileMe galleries.
      You can do this out of the box on an AppleTV, or on an iOS device using Apple's own Gallery app! So not so much a bug as an deliberate feature.
      An nothing to do with iCloud's photostream.
      Yeah what he said. After a bit of digging around myself, it's an apparent feature. You don't have to have mobileme to even be able to look at peoples photo. So while this may be little worrisome, it's nothing to worry about. It's just a feature of MobileME.
    1. bijju's Avatar
      bijju -
      apple need to fix it fast or i would say goodbye to Mobile me or even apple new beta products
    1. recognition's Avatar
      recognition -
      Quote Originally Posted by Delerowen View Post
      Yeah what he said. After a bit of digging around myself, it's an apparent feature. You don't have to have mobileme to even be able to look at peoples photo. So while this may be little worrisome, it's nothing to worry about. It's just a feature of MobileME.
      Absolutly true, just go to the MobileMe gallery app on the app store and read the description,

      and I quote...

      "To view a friends gallery, simply choose their name from your contacts or enter their MobileMe member name and you'll get instant access to their PUBLICLY SHARED PHOTO'S, too."

      Apple don't need to do anything, if you haven't set up your photo stream properly or are taking photos you don't want publicly shared you should be taking more care and reading the full description of the service!

      People are just moaning because they're to lazy to read what the service actually does!
    1. AUZambo's Avatar
      AUZambo -
      Interesting. I'll have to give it a shot.

      *EDIT for 2 reasons:
      1. Could the developers of this site please fix the bug that causes only one of the posts to show up when you click the article link from the main page? It doesn't happen all the time, but it happens frequently enough that it's annoying!

      2. I guess I won't be giving it a shot since it appears to be a feature available to all ATV2 owners....which makes me wonder why Apple hasn't responded to questions about this with something like, "You big dummy. That's a feature built into the device, whether it's jailbroken or not."
    1. Raahem's Avatar
      Raahem -
      Bahahahahahhaha you're all stupid and gullible

      l2put photos on private
    1. dz302's Avatar
      dz302 -
      Quote Originally Posted by Phillip Swanson View Post
      Thats the issue though, is this a bug because of the jailbreak or simply a MobileMe Apple TV bug. Most likely it is because of the jailbreak, but it still begs clarification.
      Your amazing Phil. Why would you think it "begs" clarification? The security issue is on only jb'n units and your holding
      Apple accountable to research this? You emailed Apple and they have yet to answer you? lol Heads will roll at Apple
      if corporate should find out you've been kept waiting. Painful Phil, very painful.

      dz
    1. aaroncm's Avatar
      aaroncm -
      Some people are so stupid.

      It's Apples responsibility to fix an iCloud vulnerability. If a jailbroken ATV can access a non-jailbroken ATV's stream, then Apples at fault here, and needs to patch it up.

      @people saying its jailbreakers fault.
    1. ohai's Avatar
      ohai -
      these are publicly shared photos; watch the video, and then go and look at MobileMe Gallery.