
MacRumors

macrumors bot
Original poster
Apr 12, 2001
61,409
26,827



Apple today issued an apology for its major FaceTime security bug that allowed for eavesdropping on calls.


"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," said Apple in a statement issued to MacRumors and other media outlets.

For absolute clarity, we've since confirmed that this means Group FaceTime will remain permanently disabled on iOS 12.1 through iOS 12.1.3. To access Group FaceTime, users will need to update their iPhone, iPad, or iPod touch to a software update coming next week that is likely to be iOS 12.1.4.

Apple disabled Group FaceTime within hours of the bug making headlines, instantly preventing the bug from working.

Widely publicized on Monday, the FaceTime bug allowed one person to call another person via FaceTime, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.


Apple's full statement issued to MacRumors:

"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.

"We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us."

The bug will presumably be fixed in a subsequent iOS 12.2 beta as well.

Group FaceTime debuted with iOS 12.1 in October.

Article Link: Group FaceTime Will Remain Permanently Disabled on iOS 12.1.3 and Earlier
 

Joe Rossignol

Senior Reporter
Staff member
May 12, 2012
864
3,183
Canada
Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?
Server-side is only a temporary fix.

The second they re-enable Group FaceTime, the bug would exist again on iOS 12.1 through iOS 12.1.3 (and current 12.2 betas).

So they are never re-enabling it again on <12.1.3.

They'll fix it in what should be 12.1.4, and likely in subsequent 12.2 betas, and only re-enable it on those versions.
 

jarman92

macrumors 65816
Nov 13, 2014
1,285
3,963
“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed Apple's typo.

Lol right, I’m sure the FaceTime team was just sitting back rubbing their hands and laughing maniacally at our misfortune.

“HA! They can listen to each other when they add themselves to their own FaceTime call! HA!”
 

genovelle

macrumors 68020
May 8, 2008
2,075
2,650
Oh the humanity! :eek::oops:

Wait, I use zoom for group video. Never mind. ;)
Which is owned by? And what are their security and privacy policies in use? Keep in mind companies bigger than Apple can have huge gaps that actually let bad actors take over your PayPal account to clean out your bank account, but there are almost no news reports on it. So, unless it’s Apple, you would have no idea what’s happening.
 

Baumi

macrumors 6502
Mar 31, 2005
256
372
Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?

My uneducated guess: The fix involved some changes in the way clients and servers communicate while setting up a Group FaceTime call. Therefore, the client software needs an update to conform to the new version of the protocol.
When will it be safe to turn back on FaceTime in settings?

Unless you're worried that there might be other potential security issues, you can turn it on right now. The Group FaceTime exploit stopped working the moment Apple globally disabled that functionality on their end. As of now, you can use FaceTime for one-on-one calls just like before, and after installing the promised update, group calls should be working again, as well.
 

Kaibelf

Suspended
Apr 29, 2009
2,445
7,443
Silicon Valley, CA
Joking aside, can you cite sources to back up your assertion? I don't recall seeing one.

Can you cite a source to the contrary that shows that large numbers of people actually ARE regularly using this feature? Most people I know are on iOS (I'd estimate about 70%) and most of them don't even use 1:1 FaceTime aside from wanting to call someone on a birthday or Christmas.
 
  • Like
Reactions: Nermal

MadDawg2020

macrumors 6502
Jun 20, 2012
260
245
“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed Apple's typo.
Umm no, pretty sure Apple got it right and it’s doubtful you speak for them - you can write your own release with your own opinions.
 

az431

Suspended
Sep 13, 2008
2,131
6,122
Portland, OR
Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?

If you (and the people who liked your comment) had read the entire article you’d know that it also requires a software update issued via 12.1.4. It doesn’t state anywhere that this is a server-only fix.
“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed Apple's typo.

Yeah completely logical that Apple would simply hope the problem would go away on its own without their own engineers doing anything about it. But the media found out so they leaped into action.

Makes perfect sense.
 

Analog Kid

macrumors G3
Mar 4, 2003
8,218
9,794
Server-side is only a temporary fix.
That's not how I read the release. I read the release to say that the bug had both server side and client side components. They've implemented and tested the server side fix, now they need to finish testing the client before they put it in the hands of millions of users.
 
  • Like
Reactions: az431

dannyyankou

macrumors G5
Mar 2, 2012
12,486
26,472
Westchester, NY
If you (and the people who liked your comment) had read the entire article you’d know that it also requires a software update issued via 12.1.4. It doesn’t state anywhere that this is a server-only fix.
I did read it, what did I miss? Apple clearly said they fixed the bug on their servers. Unless they meant “fixed” as “disabled”?
"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," said Apple in a statement issued to MacRumors and other media outlets.
My uneducated guess: The fix involved some changes in the way clients and servers communicate while setting up a Group FaceTime call. Therefore, the client software needs an update to conform to the new version of the protocol.
This is what I’m thinking as well
 

MuseumVisitor

macrumors member
Nov 20, 2010
88
17
Software checking...

Software update: No new updates


Yes, it’s upsetting that a FT caller can hear what you are saying even after you hang up. However, it’s even more scary to tell us in Face that Apple can hear any one of us whenever they want.


Simple Switching: Off/On


Can you hear me now? Yes, I can.
 