As expected, Apple has rushed out a fix for a bug that allowed folks to eavesdrop on others through Group FaceTime. Apple had already addressed the issue on its servers; as AppleInsider pointed out, iOS 12.1.4 fixes the bug on devices as well.
Apple had swiftly disabled Group FaceTime after news of the bug started trending on social media. In the days following, it was discovered that the mother of US teen Grant Thompson alerted the company a week before it took action; Apple is reportedly rewarding the family per its bug hunting policy.
Here’s Apple’s new statement on the iOS 12.1.4 update that fixes FaceTime Group calls. (And yes, Apple’s going to both bounty Grant Thompson and his family for the bug, and make an extra contribution towards his education.) Full text in description for accessibility. pic.twitter.com/HOtPa5UvhY (February 7, 2019)
Apple acted quickly because the bug was particularly easy to exploit: a caller just needed to start a FaceTime video call, and while it was ringing, add themselves (via their phone number or Apple ID) to make it a conference call.
Even if the recipient didn’t answer or refused the call, the initiator could eavesdrop through the recipient’s device. Sometimes they could even see through the recipient’s front-facing camera (reportedly when the recipient declined the call by pressing the power button).
Wait for more features
The update also had a handful of fixes for unrelated bugs in Foundation, IOKit and Live Photos in FaceTime, per Apple’s security notes for iOS 12.1.4. But these vulnerabilities had apparently been exploited, which was confirmed by Ben Hawkes, who heads Google's Project Zero security research team, as spotted by Forbes.
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day. (February 7, 2019)
There aren't any new features in this update, sadly, but that isn’t surprising: with issues as widespread and easily exploitable as the Group FaceTime vulnerability, Apple typically acts quickly to stem the bleeding, so to speak.
That means any features you might have been waiting for are still down the line – and may come in iOS 12.2, which recently opened its beta version to the public. So far, we’ve seen more animoji (like a shark and warthog) as well as tweaks to the Control Center, along with other updates yet to be revealed.