Apple has issued iOS 12.1.4 to the public. The software update addresses the Group FaceTime eavesdropping bug, which surfaced last week.
The eavesdropping bug allowed users to listen to other users’ conversations without their knowledge. Even worse, the bug also transmitted the video feed to the caller when the user tried to ignore the call.
In response to this FaceTime bug, Apple quickly disabled the Group FaceTime feature to keep users from being exposed. The company promised last week to ship a fix for the eavesdropping bug, and it is now live in the form of iOS 12.1.4.
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX
Apple formally credited Grant Thompson of Catalina Foothills High School and Daven Morris of Arlington, TX for initially reporting the bug. The company will be compensating the Thompson family for finding and reporting the bug, and will provide an additional scholarship for Thompson’s education.
In addition to addressing the FaceTime bug, Apple has also fixed a previously unidentified vulnerability in the Live Photos feature of FaceTime. The Live Photos bug was uncovered when Apple conducted a thorough security audit of the FaceTime service. The feature remains disabled on older versions of iOS to ensure users are on the latest release of the software for a safer and more secure experience.