Apple's iOS 12.1.4 Update to Fix FaceTime Eavesdropping Bug Showing Up in Analytics

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Jan 31, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Apple's upcoming fix for the FaceTime eavesdropping bug that was discovered on Monday will come in the form of an iOS 12.1.4 update, according to MacRumors analytics data.

    We began seeing a handful of visits from devices running an iOS 12.1.4 update on January 29, the day after the bug was widely publicized and spread across the internet.

    [​IMG]

    Apple on Monday said that a software fix for the issue would come "later this week," but now that it's Thursday, there's not a lot of time left. Apple could still release the update later today, but if not, Friday morning is the likely target launch date.

    The FaceTime eavesdropping bug allowed iPhone users to exploit a privacy-invading Group FaceTime flaw that let one person connect to another person and hear conversations (and see video, in some cases) without the other person ever having accepted the call.

    The FaceTime bug in action

    Apple has put a stop to the FaceTime bug by disabling Group FaceTime server side, leaving the feature unavailable, but questions remain about how long the bug was accessible and how long Apple knew about it before attempting a fix.

    The mother of the teenager who originally discovered the bug shared convincing evidence that she contacted the Cupertino company as early as January 20. She did not receive a response from Apple despite sending emails and a video.

    It's not clear, therefore, when the right team at Apple learned of the bug and when work on a fix was started. We did not see signs of iOS 12.1.4 in our analytics data prior to January 29, but it's possible Apple was working on a fix earlier than that.

    The multi-day wait for an official solution to perhaps one of the worst Apple-related privacy bugs we've seen, however, does suggest that development on iOS 12.1.4 did not start too far ahead of when the bug went public.

    Article Link: Apple's iOS 12.1.4 Update to Fix FaceTime Eavesdropping Bug Showing Up in Analytics
     
  2. bbplayer5 macrumors 68030

    Joined:
    Apr 13, 2007
    #2
    Software bugs are now supposed to be federal business ending crimes? This timeline sucks.
     
  3. Silver Idaten macrumors 6502a

    Joined:
    Jul 31, 2015
    Location:
    Stratford, CT
    #3
    Is that all it's going to do is fix the FaceTime bug? That's disappointing.
     
  4. cmaier macrumors G5

    Joined:
    Jul 25, 2007
    Location:
    California
    #4
    No it’s not. Other things are for 12.2, which is already in testing.
     
  5. Unity451 macrumors regular

    Unity451

    Joined:
    Aug 29, 2011
    Location:
    California
    #5
    What else were you expecting?
    --- Post Merged, Jan 31, 2019 ---
    I hope the mother ends up getting her bug finding reward.
     
  6. Mike MA, Jan 31, 2019
    Last edited: Jan 31, 2019

    Mike MA macrumors 68000

    Mike MA

    Joined:
    Sep 21, 2012
    #6
    Good for us, but sadly the lawyers and though daily updates on new class action lawsuits over here won’t be stopped by this.
     
  7. cppguy macrumors 6502

    Joined:
    Apr 6, 2009
    Location:
    SF Bay Area, California
    #7
    I'm sorry Apple, but QA didn't try hard enough to break it. With a feature this sensitive, it is necessary to have a couple of employees trying to break things all day every day. I know not every bug can be discovered in time, but obvious ones like this should be caught before release.
     
  8. Chrjy macrumors 6502a

    Chrjy

    Joined:
    May 19, 2010
    Location:
    UK
    #8
    I disagree. This was an edge case bug. In fact it took a long while before millions of users had been using group FaceTime before it came to light.

    It certainly wasn't an 'obvious' bug.
     
  9. dandy1117 macrumors newbie

    Joined:
    Sep 18, 2012
    #9
    Don't forget that this bug likely existed in the months of developer and public beta testing as well and wasn't discovered by users. If so, it wouldn't be fair to classify it as an "obvious" bug.
     
  10. AngerDanger, Jan 31, 2019
    Last edited: Jan 31, 2019

    AngerDanger macrumors 68040

    AngerDanger

    Joined:
    Dec 9, 2008
    #10
    It's about time. I tried the bug out on a friend and the results were… eye-opening. :(

    facetimebug3.gif
     
  11. Porco macrumors 68030

    Porco

    Joined:
    Mar 28, 2005
    #11
    If you want to know when the update is coming out, just call Apple, don't worry if they don't pick up... ! :p

    Seriously, this was a bad bug (perhaps more in terms of the company's image than anything else) and I hope they issue the fix as soon as they can. I think they should really hold their hands up and say sorry too, if only to repair the PR damage a little.
     
  12. buckwheet macrumors regular

    Joined:
    Mar 30, 2014
    #12
    Honestly, from what I understand, it's not as though this bug is in any way insidious—at the very least, you will be aware that someone is trying to join the call, no? So I don't see why this is considered such a horrific breach of trust, when selling personal data, including real-time location tracking—which is far more useful to someone with malicious intent—is considered a "business model".
     
  13. coolfactor macrumors 68040

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #13
    It wasn't discovered on Monday. It started getting media attention on Monday. Big difference.
     
  14. cppguy macrumors 6502

    Joined:
    Apr 6, 2009
    Location:
    SF Bay Area, California
    #14
    Adding another person to the call is a documented function. So adding yourself to the call is a boundary condition. If it only takes two steps to reproduce the bug, then it should have been discovered. If it took 10 steps, then I would say it wouldn't be an obvious one. Either way, this family deserves to get a reward.
     
  15. Uaaerospace2 macrumors newbie

    Joined:
    May 17, 2017
    #15
    This is an embarrassing bug, but clearly you’ve never developed a piece of software, have you?
     
  16. cmaier macrumors G5

    Joined:
    Jul 25, 2007
    Location:
    California
    #16
    First thing i tried was adding myself to a call (during the early betas of the feature.). Tested that i could talk from iPad to iPhone, etc. Sadly, didn’t occur to me to first add a third party. :-(
     
  17. coolfactor macrumors 68040

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #17
    IF they did not take this seriously right away, they deserve the wrath they get. And I'm a huge Apple supporter. But to only disable *after* they get media attention looks really, really bad! They should have learned from past experiences.

    I know it can take time to reproduce this issue and prove it's real, but I fear they dismissed it internally because it didn't seem believable. Privacy is their huge selling point, and this was a huge slap in the face of privacy. They definitely should have handled this better. Somebody's head needs to roll!
     
  18. DJLAXL macrumors 6502a

    DJLAXL

    Joined:
    Jun 3, 2014
    Location:
    UT
    #18
    Does anyone else know of a more friendly Apple site with other friendly actual Apple enthusiasts? Seriously, for as long as I've lurked on here it's all negative people who are Apple haters commenting. Pointless to be on here anymore. All this negative news is hardly "rumors".
     
  19. cppguy macrumors 6502

    Joined:
    Apr 6, 2009
    Location:
    SF Bay Area, California
    #19
    My macrumors handle starts with C++. All I do is develop software.
     
  20. cmaier macrumors G5

    Joined:
    Jul 25, 2007
    Location:
    California
    #20
    Appleinsider?
    --- Post Merged, Jan 31, 2019 ---
    In these parts we use Objective-C and Swift. :)
     
  21. Bawstun macrumors 65816

    Bawstun

    Joined:
    Jun 25, 2009
    #21
    Yep. Very simple bug that should have been caught. This will result in many lost upgrades and sales for the next year and beyond. Another massive Tim Cook failure. Really sucks for those of us who see the writing on the wall.
     
  22. cmaier macrumors G5

    Joined:
    Jul 25, 2007
    Location:
    California
    #22
    I’m assuming it didn’t get to the right people. There’s a real problem with apple’s reliance on the Radar system. Radar is too difficult for an average non-technical person to use, there’s no obvious way for someone to report a critical bug to Apple without using radar, etc. Apple needs to seriously consider new ways of reporting and tracking bugs. Something like a friendlier version of bug reporter running on the device itself (i.e. the bug reporting app that installs during betas.)
     
  23. Relentless Power macrumors Penryn

    Relentless Power

    Joined:
    Jul 12, 2016
    #23
    Knowing Apple, they rarely apologize, and I’m not knocking them, it’s just the nature of how they are as a company being egotistical at times. But one thing I want to mention aside from your post that you discussed, it’s my opinion, but somebody _should_ probably be terminated for this error. I’m sure there was a group of developers working in a team collaboration, but usually it comes down to one person that should be held responsible in a situation such as this in a leadership position. I’m not always about firing people with that type of mentality. But this is it something that likely can’t have remedial retraining, this is grounds for termination in my opinion.
     
  24. Chrjy macrumors 6502a

    Chrjy

    Joined:
    May 19, 2010
    Location:
    UK
    #24
    In fact it was so simple, that you picked up on it on the day of release :rolleyes:
     
  25. Bawstun macrumors 65816

    Bawstun

    Joined:
    Jun 25, 2009
    #25
    Yes as more evidence comes to light it does appear they knew about the bug well in advance of Monday.

    The same way they knew about the batteries and faulty processors/throttling, and did nothing.

    Their lack of transparency IS going to corrode consumer trust and ruin their branding. Watch. Next year’s iPhone sales are going to be abysmal.
     

Share This Page