Group FaceTime Will Remain Permanently Disabled on iOS 12.1.3 and Earlier

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,240
9,759



Apple today issued an apology for its major FaceTime security bug that allowed for eavesdropping on calls.


"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," said Apple in a statement issued to MacRumors and other media outlets.

For absolute clarity, we've since confirmed that this means Group FaceTime will remain permanently disabled on iOS 12.1 through iOS 12.1.3. To access Group FaceTime, users will need to update their iPhone, iPad, or iPod touch to a software update coming next week that is likely to be iOS 12.1.4.

Apple disabled Group FaceTime within hours of the bug making headlines, instantly preventing the bug from working.

Widely publicized on Monday, the FaceTime bug allowed one person to call another person via FaceTime, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.


Apple's full statement issued to MacRumors:
We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.

We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
The bug will presumably be fixed in a subsequent iOS 12.2 beta as well.

Group FaceTime debuted with iOS 12.1 in October.

Article Link: Group FaceTime Will Remain Permanently Disabled on iOS 12.1.3 and Earlier
 

Joe Rossignol

Editor
Staff member
May 12, 2012
630
1,783
Toronto
Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?
Server-side is only temporary fix.

The second they re-enable Group FaceTime, the bug would exist again on iOS 12.1 through iOS 12.1.3 (and current 12.2 betas).

So they are never re-enabling it again on <12.1.3.

They'll fix it in what should be 12.1.4, and likely in subsequent 12.2 betas, and only re-enable it on those versions.
 

jarman92

macrumors 6502a
Nov 13, 2014
579
1,224
“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed apples typo.
Lol right, I’m sure the FaceTime team was just sitting back rubbing their hands and laughing maniacally at our misfortune.

“HA! They can listen to each other when they add themselves to their own FaceTime call! HA!”
 

genovelle

macrumors 65816
May 8, 2008
1,004
791
Oh the humanity! :eek::oops:

Wait, I use zoom for group video. Never mind. ;)
Which is owned by? And what is their security and privacy policies in use. Keep in mind companies bigger than Apple can have huge gaps that actually let bad actors take over your PayPal account to clean out your bank account, but there are almost no news reports on it. So, unless it’s Apple, you would have no idea what’s happening.
 

Baumi

macrumors regular
Mar 31, 2005
199
238
Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?
My uneducated guess: The fix involved some changes in the way clients and servers communicate while setting up a Group FaceTime call. Therefore, the client software needs an update to conform to the new version of the protocol.
[doublepost=1549044282][/doublepost]
When will it be safe to turn back on FaceTime in settings?
Unless you're worried that there might be other potential security issues, you can turn it on right now. The Group FaceTime exploit stopped working the moment Apple globally disabled that functionality on their end. As of now, you can use FaceTime for one-on-one calls just like before, and after installing the promised update, group calls should be working again, as well.
 

Kaibelf

Suspended
Apr 29, 2009
2,445
7,435
Silicon Valley, CA
Joking aside, can you cite sources to back up your assertion? I don't recall seeing one.
Can you site a source to the contrary that shows that large numbers of people actually ARE regularly using this feature? Most people I know are on iOS (I'd estimate about 70%) and most of them don't even use 1:1 FaceTime aside from wanting to call someone on a birthday or Christmas.
 
  • Like
Reactions: Nermal

MadDawg2020

macrumors regular
Jun 20, 2012
172
175
“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed apples typo.
Umm no, pretty sure Apple got it right and it’s doubtful you speak for them - you can write your own release with your own opinions.
 

az431

macrumors 65816
Sep 13, 2008
1,497
4,384
Portland, OR
Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?
It you (and the people who liked your comment) had read the entire article you’d know that it also requires a software update issued via 12.1.4. It doesn’t state anywhere that this is server only fix.
[doublepost=1549046553][/doublepost]
“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed apples typo.
Yeah completely logical that Apple would simply hope the problem would go away on its own without their own engineers doing anything about it. But the media found out so they leaped into action.

Makes perfect sense.
 

Analog Kid

macrumors 603
Mar 4, 2003
5,027
3,178
Server-side is only temporary fix.
That's not how I read the release. I read the release to say that the bug had both server side and client side components. They've implemented and tested the server side fix, now they need to finish testing the client before they put it in the hands of millions of users.
 
  • Like
Reactions: az431

dannyyankou

macrumors G3
Mar 2, 2012
8,931
14,388
Westchester, NY
It you (and the people who liked your comment) had read the entire article you’d know that it also requires a software update issued via 12.1.4. It doesn’t state anywhere that this is server only fix.
I did read it, what did I miss? Apple clearly said they fixed the bug on their servers. Unless they meant “fixed” as “disabled”?
"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," said Apple in a statement issued to MacRumors and other media outlets.
[doublepost=1549048357][/doublepost]
My uneducated guess: The fix involved some changes in the way clients and servers communicate while setting up a Group FaceTime call. Therefore, the client software needs an update to conform to the new version of the protocol.
This is what I’m thinking as well
 

MuseumVisitor

macrumors member
Nov 20, 2010
88
17
Software checking...

Software update: No new updates


Yes, it’s upsetting that a FT caller can hear what are you saying even after you hang up. However, it’s even more scary to tell us in Face that Apple can hear anyone of us whenever they want.


Simple Switching: Off/On


Can you hear me now? Yes, I can.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.