
Apple issued a partial fix for recent FaceTime spying bug

On Friday, Apple announced that the recently discovered FaceTime issue has been partially fixed; the company plans to release a complete update next week.

Apple engineers implemented a server-side patch, but the Group FaceTime feature will not be enabled again until next week.

The vulnerability in Apple FaceTime lets a caller hear the audio of the person being called before they pick up, by adding the caller's own number to a group chat.

On the receiver’s side, it appears as if the call still hasn’t been answered.

The bug was discovered by Grant Thompson, a 14-year-old from Arizona, who attempted to report the flaw to Apple for more than 10 days without success.

“There’s a major bug in FaceTime right now that lets you connect to someone and hear their audio without the person even accepting the call,” reads a thread published on MacRumors.

“This bug is making the rounds on social media, and as 9to5Mac points out, there are major privacy concerns involved. You can force a FaceTime call with someone and hear what they’re saying, perhaps even without their knowledge. 

We tested the bug at MacRumors and were able to initiate a FaceTime call with each other where we could hear the person on the other end without ever having pressed the button to accept the call.”

The flaw affected iOS 12.1 and 12.2 versions, and macOS Mojave.

Just after the bug was disclosed, Apple suspended the Group FaceTime feature.

Apple has officially thanked Thompson for reporting the bug and apologized for the delay in receiving the report. The company has promised to improve the process for receiving reports such as the one related to the FaceTime issue.

“We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process,” reads the statement issued by Apple.

“We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix.”

New York Governor Andrew M. Cuomo and Attorney General Letitia James announced a probe into the failure to report the flaw to customers and the delay in responding to the report.

“In the wake of this egregious bug that put the privacy of New Yorkers at risk, I support this investigation by the Attorney General into this serious consumer rights issue and direct the Division of Consumer Protection to help in any way possible,” Governor Cuomo announced. “We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again.”

“This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years,” said Attorney General James.

“My office will be conducting a thorough investigation into Apple’s response to the situation, and will evaluate the company’s actions in relation to the laws set forth by the State of New York. We must use every tool at our disposal to ensure that consumers are always protected.”

Pierluigi Paganini

(SecurityAffairs – FaceTime bug, privacy)

Pierluigi Paganini is a member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group. He is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years' experience in the field, and he is a Certified Ethical Hacker at EC Council in London. His passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to found the security blog "Security Affairs", recently named a Top National Security Resource for the US. Pierluigi is a member of "The Hacker News" team and writes for major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and many other security magazines. He is the author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
