After acrimonious parting, Apple credits former engineer for identifying Find My privacy flaw

Apple and its former engineer Cher Scarlett didn’t exactly part on the best of terms, but the company has publicly thanked them for identifying a Find My privacy flaw …

Background – the acrimonious parting

Cher Scarlett was one of the founders of the #AppleToo movement, which sought to highlight management problems in the company, including what were said to be unfair pay differentials between men and women.

The organisation also said that many issues of concern raised by employees were brushed aside by HR.

So far, we’ve received nearly 500 responses, and hundreds of stories of racism, sexism, discrimination, retaliation, bullying, sexual and other forms of harassment, and sexual assault that happened at the hands of a colleague off of campus. The main thread? Being ignored by HR.

Scarlett also assisted retail staff in unionizing efforts, after leaving the company.

Find My privacy flaw

As part of the launch of macOS Sonoma, Apple listed no fewer than 61 security fixes. Apple provided details for some of these, while others listed only the app or feature affected, without going into any details.

One of these was Find My, for which no details were provided, though Apple thanks its former engineer.

Find My

We would like to acknowledge Cher Scarlett for their assistance.

Scarlett explained the background to this, thanking security researchers Mysk for their assistance in confirming the issue.

The problem was that when you blocked a contact, the person could still share their location with you, and they would appear in your Find My app. There was no way to decline; they just showed up. You had to go into the app to remove them.

That would be bad enough, as an abuser could repeatedly do this in order to make a victim feel hassled or intimidated, and there was no way to prevent this despite the fact that you’d blocked them.

But it was much, much worse. Merely sharing their location would again allow them to message you.

Scarlett said they have fought since May to get Apple to fix this. Although listed as a Mac issue, the privacy issue is now fixed across all Apple devices.


Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
