Apple Fixing FaceTime Eavesdropping Bug in iOS 12.1.4 Update Coming Today

Status
Not open for further replies.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,663
10,082



Apple is today releasing an updated version of iOS 12.1.4, which is designed to address a major FaceTime bug that was widely publicized last Monday. The new update comes two weeks after the launch of iOS 12.1.3, an update that introduced bug fixes.

The iOS 12.1.4 update will be available on all eligible devices over-the-air in the Settings app. To access the update, go to Settings --> General --> Software Update. Apple typically releases new iOS software at 10:00 a.m. Pacific Time or 1:00 p.m. Eastern Time, so that's when the update should become available.


With this update, Apple is fixing an insidious FaceTime bug that could allow someone to spy on you without your permission or knowledge. By exploiting this bug, someone could force a FaceTime call with you, giving them access to your iPhone, iPad, or Mac's audio or video even without you accepting the FaceTime call.

To do this, all someone needed to do was initiate a FaceTime call with you and then add their own phone number to the FaceTime call to convert it to a Group FaceTime call, which, apparently, forces a FaceTime connection.

From there, the person would be able to hear your audio, even though on your end, it would look like the call hadn't been accepted. If you hit the power button to make the call go away, it would give the person access to your camera.

In our testing, the bug was able to be initiated on iPhones running both iOS 12.2 and iOS 12.1.3, and it affected iPhones, Macs, and iPads running the latest version of Apple's software.

Shortly after the bug was publicized last Monday, Apple said that it was aware of the issue and was already working on a fix set to be released later in the week, which was later delayed until this week. Apple also temporarily made Group FaceTime unavailable by taking the server offline, which put a stop to the bug. Going forward, Group FaceTime will only be available on devices running iOS 12.1.4 or later.

With today's update, the FaceTime bug will no longer be able to be exploited, though it remains unclear if it has been available for use since Group FaceTime launched in October last year or if it became an issue in a later software update.

Article Link: Apple Fixing FaceTime Eavesdropping Bug in iOS 12.1.4 Update Coming Today
 

Baymowe335

macrumors 603
Oct 6, 2017
6,138
11,225
A needed fix and a huge bruise for Apple on the privacy front.

Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.
 

Relentless Power

macrumors Nehalem
Jul 12, 2016
33,193
34,194
An unfortunate mistake, but good to see it’s finally being resolved. Time to move forward and double, even triple check your work, especially when it comes to privacy for the consumer, which Apple takes so seriously and has always taken pride in over the years.
 

nutmac

macrumors 601
Mar 30, 2004
4,550
2,729
A needed fix and a huge bruise for Apple on the privacy front.

Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.
As @cocky jeremy said, bugs happen. The problem with this debacle is the difficulty in alerting Apple on urgent issues. Creating a developer account to file a security bug isn't the ideal way for non technical customers to file an urgent issue. Yes, Apple is a big company so it would be difficult to triage issues in a timely manner. But it is a challenge Apple needs to solve.
 

mi7chy

macrumors 604
Oct 24, 2014
6,502
7,445
Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.
 

Sasparilla

macrumors 65816
Jul 6, 2012
1,431
2,220
A rushed update being pushed into production ASAP - who's in to install first? /s

Guessing it should be a safe update since it shouldn't do anything but fix the Facetime issue.

Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.
That makes no sense.
 

WannaGoMac

macrumors 68020
Feb 11, 2007
2,432
3,375
Funny, I noticed this bug months ago when they turned on Facetime group. I just assumed it was designed to work that way or just an inherent limitation of how the technology was limited.
 

mi7chy

macrumors 604
Oct 24, 2014
6,502
7,445
Big difference between a bug and a company's policy.
Real difference is Facebook is social media so implicitly public while Facetime call is implicitly private. Facetime privacy breach is orders of magnitude worse in comparison.
 
Last edited:

Relentless Power

macrumors Nehalem
Jul 12, 2016
33,193
34,194
Big difference between a bug and a company's policy.
This is well said. And if you look at Apple’s Model over the course of time, it’s always been about privacy to the consumer. And as someone else mentioned ‘Bugs happen’, but I think this one exploited where they put the consumer in a position of vulnerability with their privacy given the circumstances. Apple isn’t perfect, they make mistakes like every other tech company, but this is something that they definitely have to capitalize on and now allow to happen in the future. In My opinion, perfection doesn’t always exists, Apple needs to strive for excellence throughout releasing software.
 

Heat_Fan89

macrumors 6502a
Feb 23, 2016
611
504
A needed fix and a huge bruise for Apple on the privacy front.

Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.
I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.
 

Baymowe335

macrumors 603
Oct 6, 2017
6,138
11,225
I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.
The huge emphasis Apple places on privacy and the highest breach of privacy was made in this bug. I understand it was likely never even experienced by anyone, but it's just a hugely bad look when you're preaching privacy, security, and information protection.
 

BootsWalking

macrumors 65816
Feb 1, 2014
1,304
7,618
I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.
Because it's a bug that strikes at the heart of privacy for its users, allowing their personal lives to be on full display to anyone who surreptitiously calls them. And because it took Apple an entire week to respond to it.
 

nutmac

macrumors 601
Mar 30, 2004
4,550
2,729
I'm the person saying that consistently. However, this bug cannot happen. Just can't happen. I'm not a software engineer, but this is a bad look.

I probably would have fired Craig over this if I'm Cook.
By your definition, all major security bugs should not have happened either. As much as we want everything to be perfect, computer software is written by people and they have become exponentially more complex over the years.

Automated unit tests and other practices have improved the quality, but it's impossible to take every permutations into account.

Hopefully, Apple will streamline and improve the bug reporting process moving forward.
 

69Mustang

macrumors 604
Jan 7, 2014
7,326
13,683
In between a rock and a hard place
I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.
It's a bad look because, as @nutmac mentioned, you don't make a consumer sign up for a dev account to report a bug. That process shouldn't be as it is. Far too inefficient and convoluted for a layman to use. Simply having a bug wasn't the issue.
 

nt5672

macrumors 68020
Jun 30, 2007
2,016
4,369
Bugs happen.
Yes, bugs do happen, but the rate and severity of Apple's bugs of late are just a result of inattention or lack of performance. Only Apple knows for sure, but they sure don't seem to mind. I guess they have the same attitude as those here, which is "bugs happen and we'll fix'em when the public finds out." That attitude "Bugs happen" sure drives people to the best performance does it not?

No expectation, no drive to achieve, lets all get behind the "its ok because bugs happen" crowd.
 
  • Like
Reactions: mi7chy
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.