Apple Fixing FaceTime Eavesdropping Bug in iOS 12.1.4 Update Coming Today

[MacRumors]

Apple is today releasing an updated version of iOS 12.1.4, which is designed to address a major FaceTime bug that was widely publicized last Monday. The new update comes two weeks after the launch of iOS 12.1.3, an update that introduced bug fixes.

The iOS 12.1.4 update will be available on all eligible devices over-the-air in the Settings app. To access the update, go to Settings --> General --> Software Update. Apple typically releases new iOS software at 10:00 a.m. Pacific Time or 1:00 p.m. Eastern Time, so that's when the update should become available.

Subscribe to the MacRumors YouTube channel for more videos.​

With this update, Apple is fixing an insidious FaceTime bug that could allow someone to spy on you without your permission or knowledge. By exploiting this bug, someone could force a FaceTime call with you, giving them access to your iPhone, iPad, or Mac's audio or video even without you accepting the FaceTime call.

To do this, all someone needed to do was initiate a FaceTime call with you and then add their own phone number to the FaceTime call to convert it to a Group FaceTime call, which, apparently, forces a FaceTime connection.

From there, the person would be able to hear your audio, even though on your end, it would look like the call hadn't been accepted. If you hit the power button to make the call go away, it would give the person access to your camera.

In our testing, the bug was able to be initiated on iPhones running both iOS 12.2 and iOS 12.1.3, and it affected iPhones, Macs, and iPads running the latest version of Apple's software.

Shortly after the bug was publicized last Monday, Apple said that it was aware of the issue and was already working on a fix set to be released later in the week, which was later delayed until this week. Apple also temporarily made Group FaceTime unavailable by taking the server offline, which put a stop to the bug. Going forward, Group FaceTime will only be available on devices running iOS 12.1.4 or later.

With today's update, the FaceTime bug will no longer be able to be exploited, though it remains unclear if it has been available for use since Group FaceTime launched in October last year or if it became an issue in a later software update.

Article Link: Apple Fixing FaceTime Eavesdropping Bug in iOS 12.1.4 Update Coming Today

 

[Baymowe335]

A needed fix and a huge bruise for Apple on the privacy front.

Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.

 

[44267547]

An unfortunate mistake, but good to see it’s finally being resolved. Time to move forward and double, even triple check your work, especially when it comes to privacy for the consumer, which Apple takes so seriously and has always taken pride in over the years.

 

[cocky jeremy]

A needed fix and a huge bruise for Apple on the privacy front.

Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.

Bugs happen.

 

[drrocky]

Does mac os require an update as well?

 

[nutmac]

A needed fix and a huge bruise for Apple on the privacy front.

Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.

As @cocky jeremy said, bugs happen. The problem with this debacle is the difficulty in alerting Apple on urgent issues. Creating a developer account to file a security bug isn't the ideal way for non technical customers to file an urgent issue. Yes, Apple is a big company so it would be difficult to triage issues in a timely manner. But it is a challenge Apple needs to solve.

 

[AngerDanger]

Subscribe to the MacRumors YouTube channel for more videos.​

You know, I really like the all caps of "MAJOR" but think a bit of work could be used elsewhere to really grab attention…

Perfect!

 

[mi7chy]

Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.

 

[Lobwedgephil]

Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.

Big difference between a bug and a company's policy.

 

[dannyyankou]

Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.

But Facebook and Google’s privacy issues are intentional, while Apple’s are unintentional.

 

[Sasparilla]

A rushed update being pushed into production ASAP - who's in to install first? /s

Guessing it should be a safe update since it shouldn't do anything but fix the Facetime issue.

Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.

That makes no sense.

 

[WannaGoMac]

Funny, I noticed this bug months ago when they turned on Facetime group. I just assumed it was designed to work that way or just an inherent limitation of how the technology was limited.

 

[johannnn]

Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.

This was a bug. What FB/G are doing is not a bug.

 

[Baymowe335]

Bugs happen.

I'm the person saying that consistently. However, this bug cannot happen. Just can't happen. I'm not a software engineer, but this is a bad look.

I probably would have fired Craig over this if I'm Cook.

 

[mi7chy]

Big difference between a bug and a company's policy.

Real difference is Facebook is social media so implicitly public while Facetime call is implicitly private. Facetime privacy breach is orders of magnitude worse in comparison.

 

[44267547]

Big difference between a bug and a company's policy.

This is well said. And if you look at Apple’s Model over the course of time, it’s always been about privacy to the consumer. And as someone else mentioned ‘Bugs happen’, but I think this one exploited where they put the consumer in a position of vulnerability with their privacy given the circumstances. Apple isn’t perfect, they make mistakes like every other tech company, but this is something that they definitely have to capitalize on and now allow to happen in the future. In My opinion, perfection doesn’t always exists, Apple needs to strive for excellence throughout releasing software.

 

[Heat_Fan89]

A needed fix and a huge bruise for Apple on the privacy front.

Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.

I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.

 

[Baymowe335]

I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.

The huge emphasis Apple places on privacy and the highest breach of privacy was made in this bug. I understand it was likely never even experienced by anyone, but it's just a hugely bad look when you're preaching privacy, security, and information protection.

 

[Suttree]

Bugs happen.

I don’t think he can see your message from his horse.

 

[nfl46]

I probably would have fired Craig over this if I'm Cook.

Jeez, calm down!

 

[BootsWalking]

I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.

Because it's a bug that strikes at the heart of privacy for its users, allowing their personal lives to be on full display to anyone who surreptitiously calls them. And because it took Apple an entire week to respond to it.

 

[kennyt72]

But Facebook and Google’s privacy issues are intentional, while Apple’s are unintentional.

You keep telling yourself that, I believe Apple are just as bad as the rest of them it's just not known yet.

 

[nutmac]

I'm the person saying that consistently. However, this bug cannot happen. Just can't happen. I'm not a software engineer, but this is a bad look.

I probably would have fired Craig over this if I'm Cook.

By your definition, all major security bugs should not have happened either. As much as we want everything to be perfect, computer software is written by people and they have become exponentially more complex over the years.

Automated unit tests and other practices have improved the quality, but it's impossible to take every permutations into account.

Hopefully, Apple will streamline and improve the bug reporting process moving forward.

 

[69Mustang]

I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.

It's a bad look because, as @nutmac mentioned, you don't make a consumer sign up for a dev account to report a bug. That process shouldn't be as it is. Far too inefficient and convoluted for a layman to use. Simply having a bug wasn't the issue.

 

[nt5672]

Bugs happen.

Yes, bugs do happen, but the rate and severity of Apple's bugs of late are just a result of inattention or lack of performance. Only Apple knows for sure, but they sure don't seem to mind. I guess they have the same attitude as those here, which is "bugs happen and we'll fix'em when the public finds out." That attitude "Bugs happen" sure drives people to the best performance does it not?

No expectation, no drive to achieve, lets all get behind the "its ok because bugs happen" crowd.