Apple Fixing FaceTime Eavesdropping Bug in iOS 12.1.4 Update Coming Today

Discussion in 'iOS Blog Discussion' started by MacRumors, Feb 7, 2019.

Thread Status:
Not open for further replies.
  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Apple is today releasing an updated version of iOS 12.1.4, which is designed to address a major FaceTime bug that was widely publicized last Monday. The new update comes two weeks after the launch of iOS 12.1.3, an update that introduced bug fixes.

    The iOS 12.1.4 update will be available on all eligible devices over-the-air in the Settings app. To access the update, go to Settings --> General --> Software Update. Apple typically releases new iOS software at 10:00 a.m. Pacific Time or 1:00 p.m. Eastern Time, so that's when the update should become available.


    With this update, Apple is fixing an insidious FaceTime bug that could allow someone to spy on you without your permission or knowledge. By exploiting this bug, someone could force a FaceTime call with you, giving them access to your iPhone, iPad, or Mac's audio or video even without you accepting the FaceTime call.

    To do this, all someone needed to do was initiate a FaceTime call with you and then add their own phone number to the FaceTime call to convert it to a Group FaceTime call, which, apparently, forces a FaceTime connection.

    From there, the person would be able to hear your audio, even though on your end, it would look like the call hadn't been accepted. If you hit the power button to make the call go away, it would give the person access to your camera.

    In our testing, the bug was able to be initiated on iPhones running both iOS 12.2 and iOS 12.1.3, and it affected iPhones, Macs, and iPads running the latest version of Apple's software.

    Shortly after the bug was publicized last Monday, Apple said that it was aware of the issue and was already working on a fix set to be released later in the week, which was later delayed until this week. Apple also temporarily made Group FaceTime unavailable by taking the server offline, which put a stop to the bug. Going forward, Group FaceTime will only be available on devices running iOS 12.1.4 or later.

    With today's update, the FaceTime bug will no longer be able to be exploited, though it remains unclear if it has been available for use since Group FaceTime launched in October last year or if it became an issue in a later software update.

    Article Link: Apple Fixing FaceTime Eavesdropping Bug in iOS 12.1.4 Update Coming Today
     
  2. Baymowe335 Suspended

    Joined:
    Oct 6, 2017
    #2
    A needed fix and a huge bruise for Apple on the privacy front.

    Many of you know I am a huge Apple defender, but this was a bad look. Good on Apple for getting it resolved, but this nonsense can't happen again.
     
  3. Relentless Power macrumors Penryn

    Relentless Power

    Joined:
    Jul 12, 2016
    #3
    An unfortunate mistake, but good to see it’s finally being resolved. Time to move forward and double, even triple check your work, especially when it comes to privacy for the consumer, which Apple takes so seriously and has always taken pride in over the years.
     
  4. cocky jeremy macrumors 68040

    cocky jeremy

    Joined:
    Jul 12, 2008
    Location:
    Columbus, OH
    #4
    Bugs happen.
     
  5. drrocky macrumors newbie

    Joined:
    May 17, 2005
    #5
    Does mac os require an update as well?
     
  6. nutmac macrumors 68040

    Joined:
    Mar 30, 2004
    #6
    As @cocky jeremy said, bugs happen. The problem with this debacle is the difficulty in alerting Apple on urgent issues. Creating a developer account to file a security bug isn't the ideal way for non technical customers to file an urgent issue. Yes, Apple is a big company so it would be difficult to triage issues in a timely manner. But it is a challenge Apple needs to solve.
     
  7. AngerDanger, Feb 7, 2019
    Last edited: Feb 7, 2019

    AngerDanger macrumors 68040

    AngerDanger

    Joined:
    Dec 9, 2008
    #7
    You know, I really like the all caps of "MAJOR" but think a bit of work could be used elsewhere to really grab attention…

    Screen Shot 2019-02-07 at 12.40.30 PM.png

    Perfect!
     
  8. mi7chy macrumors 603

    mi7chy

    Joined:
    Oct 24, 2014
    #8
    Lesson learned. Don't throw poop at the wind at other companies like Facebook and Google in regards to privacy.
     
  9. Lobwedgephil macrumors 601

    Lobwedgephil

    Joined:
    Apr 7, 2012
    #9
    Big difference between a bug and a company's policy.
     
  10. dannyyankou macrumors 604

    dannyyankou

    Joined:
    Mar 2, 2012
    Location:
    Scarsdale, NY
    #10
    But Facebook and Google’s privacy issues are intentional, while Apple’s are unintentional.
     
  11. Sasparilla macrumors 65816

    Joined:
    Jul 6, 2012
    #11
    A rushed update being pushed into production ASAP - who's in to install first? /s

    Guessing it should be a safe update since it shouldn't do anything but fix the Facetime issue.

    That makes no sense.
     
  12. WannaGoMac macrumors 68020

    WannaGoMac

    Joined:
    Feb 11, 2007
    #12
    Funny, I noticed this bug months ago when they turned on Facetime group. I just assumed it was designed to work that way or just an inherent limitation of how the technology was limited.
     
  13. johannnn macrumors 65816

    johannnn

    Joined:
    Nov 20, 2009
    Location:
    Sweden
    #13
    This was a bug. What FB/G are doing is not a bug.
     
  14. Baymowe335 Suspended

    Joined:
    Oct 6, 2017
    #14
    I'm the person saying that consistently. However, this bug cannot happen. Just can't happen. I'm not a software engineer, but this is a bad look.

    I probably would have fired Craig over this if I'm Cook.
     
  15. mi7chy, Feb 7, 2019
    Last edited: Feb 7, 2019

    mi7chy macrumors 603

    mi7chy

    Joined:
    Oct 24, 2014
    #15
    Real difference is Facebook is social media so implicitly public while Facetime call is implicitly private. Facetime privacy breach is orders of magnitude worse in comparison.
     
  16. Relentless Power macrumors Penryn

    Relentless Power

    Joined:
    Jul 12, 2016
    #16
    This is well said. And if you look at Apple’s Model over the course of time, it’s always been about privacy to the consumer. And as someone else mentioned ‘Bugs happen’, but I think this one exploited where they put the consumer in a position of vulnerability with their privacy given the circumstances. Apple isn’t perfect, they make mistakes like every other tech company, but this is something that they definitely have to capitalize on and now allow to happen in the future. In My opinion, perfection doesn’t always exists, Apple needs to strive for excellence throughout releasing software.
     
  17. Heat_Fan89 macrumors 6502

    Joined:
    Feb 23, 2016
    #17
    I'm not an Apple defender but why was it a bad look? All software has bugs and sh*t happens. They were alerted to the problem, they verified the bug then identified what caused it then they quickly fixed it. There will be many other bugs to squash, that's an operating system for you. It will never be perfect.
     
  18. Baymowe335 Suspended

    Joined:
    Oct 6, 2017
    #18
    The huge emphasis Apple places on privacy and the highest breach of privacy was made in this bug. I understand it was likely never even experienced by anyone, but it's just a hugely bad look when you're preaching privacy, security, and information protection.
     
  19. Suttree macrumors member

    Suttree

    Joined:
    Jul 21, 2018
    #19
    I don’t think he can see your message from his horse.
     
  20. nfl46 macrumors 604

    Joined:
    Oct 5, 2008
    #20
    Jeez, calm down!
     
  21. BootsWalking macrumors 6502a

    Joined:
    Feb 1, 2014
    #21
    Because it's a bug that strikes at the heart of privacy for its users, allowing their personal lives to be on full display to anyone who surreptitiously calls them. And because it took Apple an entire week to respond to it.
     
  22. kennyt72 macrumors member

    Joined:
    Jan 15, 2011
    Location:
    Chelsea, London, England
    #22
    You keep telling yourself that, I believe Apple are just as bad as the rest of them it's just not known yet.
     
  23. nutmac macrumors 68040

    Joined:
    Mar 30, 2004
    #23
    By your definition, all major security bugs should not have happened either. As much as we want everything to be perfect, computer software is written by people and they have become exponentially more complex over the years.

    Automated unit tests and other practices have improved the quality, but it's impossible to take every permutations into account.

    Hopefully, Apple will streamline and improve the bug reporting process moving forward.
     
  24. 69Mustang macrumors 603

    69Mustang

    Joined:
    Jan 7, 2014
    Location:
    In between a rock and a hard place
    #24
    It's a bad look because, as @nutmac mentioned, you don't make a consumer sign up for a dev account to report a bug. That process shouldn't be as it is. Far too inefficient and convoluted for a layman to use. Simply having a bug wasn't the issue.
     
  25. nt5672 macrumors 68000

    Joined:
    Jun 30, 2007
    #25
    Yes, bugs do happen, but the rate and severity of Apple's bugs of late are just a result of inattention or lack of performance. Only Apple knows for sure, but they sure don't seem to mind. I guess they have the same attitude as those here, which is "bugs happen and we'll fix'em when the public finds out." That attitude "Bugs happen" sure drives people to the best performance does it not?

    No expectation, no drive to achieve, lets all get behind the "its ok because bugs happen" crowd.
     
Thread Status:
Not open for further replies.

Share This Page