Apple Releases Fix for Group FaceTime Eavesdropping Bug
This morning, Apple released iOS 12.1.4, an incremental update that fixes several security issues including the Group FaceTime eavesdropping bug from last month. The Group FaceTime service has also been re-enabled for devices running iOS 12.1.4 or higher.
The eavesdropping bug, discovered accidentally in January by a 14-year-old from Arizona, caused certain Group FaceTime calls to connect automatically even if the recipient did not answer. The flaw allowed any malicious FaceTime user to eavesdrop on macOS or iOS users. The teen and his mother disclosed the bug privately to Apple at least a week before it went public, but it appears that Apple did not clearly or immediately respond to the bug reports they filed.
Shortly after the bug went viral on January 28th, Apple took the Group FaceTime service offline as a temporary fix before a patch could be released. On February 1st, with Group FaceTime still offline, Apple announced that the bug had been fixed server-side and that a client-side software update to fully resolve the issue would be available the week of February 4th.