I think it’s MITM since they weren’t enforcing TLS to begin with 

Notably this is not the first time Apple has issues with checking identities on TLS initial connection. There was a famous bug years ago called "Goto Fail" where MacOS would just accept any signature/identity in certain cases.

Sometimes you just want to shake Apple management and scream: implement. basic. unit. tests. for. security. stuff. aaaaa.

![](https://media4.giphy.com/media/v1.Y2lkPTc5MGI3NjExbHhqaGFkaTZ2emx6ZzU2ZTkyNjdua2lwOXd5aG9tbGdvYTdpOWJxYyZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/l2JegJo8JmpRf9cas/giphy.gif)

> This left the user vulnerable: an attacker with privileged network access could intercept the HTTP request and redirect the user to a phishing website

That's not a phishing attack. That sounds like a profound security hole in the TLS implementation. 

zuspotirko

Not surprised. Apple has never done a good job on their apps. There are good alternative third party apps that are open source as well. 

kepford

Facetomany can transform a single face photo into various styles, including 3D, emoji, pixel art, video game style, claymation, or toy style.
You only need to upload a single photo as input, and then select the style you want to convert it to, that's all. You can also enter a simple prompt to control the style you want to generate.
We will only use the photos uploaded by users for the stated functionality, and absolutely not for any other purposes. You can rest assured that your privacy is fully respected and protected by us.
The model offers several parameters for user customization, including denoising strength (to control the extent to which the original image is preserved), prompt strength (to control the impact of the prompt on the outcome), depth control strength, and InstantID strength.
