Pierluigi Paganini February 02, 2019

On Friday, Apple announced that the FaceTime issue recently discovered has been partially fixed, the company plans to release a complete update next week.

This week, Apple issued a partial fix for the FaceTime issue recently discovered, the tech giant plans to release a complete update next week.

Apple experts implemented a server-side patch, but the Group FaceTime feature will be enabled again next week.

The security vulnerability in the Apple FaceTime lets you hear the audio of the person you are calling before they pick up the call by adding your number to a group chat.

On the receiver’s side, it appears as if the call still hasn’t been answered.

The bug was discovered by Grant Thompson, a 14-year-old from Arizona, who attempted to report the flaw to Apple for more than 10 days without success.

“There’s a major bug in FaceTime right now that lets you connect to someone and hear their audio without the person even accepting the call.” reads a thread published on MacRumors.  

“This bug is making the rounds on social media, and as 9to5Mac points out, there are major privacy concerns involved. You can force a FaceTime call with someone and hear what they’re saying, perhaps even without their knowledge. 

We tested the bug at MacRumors and were able to initiate a FaceTime call with each other where we could hear the person on the other end without ever having pressed the button to accept the call.”

The flaw affected iOS 12.1 and 12.2 versions, and macOS Mojave.

Just after the bug was disclosed, Apple suspended the Group FaceTime feature.

Apple has officially thanked Thompson for reporting the bug apologized for the delay in receiving the report. The company has promised to improve the process for receiving reports such as the one related to the FaceTime issue.

“We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process,” reads the statement issued by Apple.

“We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix,”.

The New York attorney general and Governor Andrew M. Cuomo and Attorney General Letitia James announced a probe into the failure to report the flaw to the customers and the delay in responding to the report.

“In the wake of this egregious bug that put the privacy of New Yorkers at risk, I support this investigation by the Attorney General into this serious consumer rights issue and direct the Division of Consumer Protection to help in any way possible,” Governor Cuomo announced. “We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again.”

“This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years.” said Attorney General James.

“My office will be conducting a thorough investigation into Apple’s response to the situation, and will evaluate the company’s actions in relation to the laws set forth by the State of New York. We must use every tool at our disposal to ensure that consumers are always protected.”

Pierluigi Paganini

(SecurityAffairs – FaceTime bug, privacy)

[adrotate banner=”5″] [adrotate banner=”13″]