Apple pushes out iOS 12.1.4 to fix Group FaceTime eavesdropping bug

(Image credit: Apple)

As expected, Apple has rushed out a fix for a bug that allowed folks to eavesdrop on others through Group FaceTime. While Apple had already addressed the issue on its servers, AppleInsider pointed out, iOS 12.1.4 fixes this exploit on devices.

Apple had swiftly disabled Group FaceTime after news of the bug started trending on social media. In the days following, it was discovered that the mother of US teen Grant Thompson alerted the company a week before it took action; Apple is reportedly rewarding the family per its bug hunting policy.

Here’s Apple’s new statement on the iOS 12.1.4 update that fixes FaceTime Group calls.(And yes, Apple’s going to both bounty Grant Thompson and his family for the bug, and make an extra contribution towards his education.)Full text in description for accessibility. pic.twitter.com/HOtPa5UvhYFebruary 7, 2019

What's coming in the iPhone 11 this year?
Forget last year's phones – here are the first ones that will harness 5G
All the rumors of what's coming down the pipe at MWC 2019

Apple acted quickly because the bug was particularly easy to exploit: a caller just needed to start a FaceTime video call, and while it was ringing, add themselves (via their phone number or Apple ID) to make it a conference call.

Even if the recipient didn’t answer or refused the call, the initiator could eavesdrop through the former’s device. Sometimes they could even see through the recipient’s front-facing camera (reportedly when declining the call by pressing the power button).

Wait for more features

The update also had a handful of fixes for unrelated bugs in Foundation, IOKit and Live Photos in FaceTime, per Apple’s security notes for iOS 12.1.4. But these vulnerabilities had apparently been exploited – which was confirmed by Ben Hawkes, who heads Google Project Zero security research team, as spotted by Forbes.

CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today (https://t.co/ZsIy8nxLvU) were exploited in the wild as 0day.February 7, 2019

There aren't any new features in this update, sadly, but that isn’t surprising: with issues as widespread and easily-exploitable as the Group FaceTime vulnerability, Apple typically acts quickly to stem the bleeding, so to speak.

That means any features you might have been waiting for are still down the line – and may come in iOS 12.2, which recently opened its beta version to the public. So far, we’ve seen more animoji (like a shark and warthog) as well as tweaks to the Control Center, along with other updates yet to be revealed.

Need a reminder why iOS is still worth it? See where iPhones rank in our best phones list

TOPICS

David is now a mobile reporter at Cnet. Formerly Mobile Editor, US for TechRadar, he covered phones, tablets, and wearables. He still thinks the iPhone 4 is the best-looking smartphone ever made. He's most interested in technology, gaming and culture – and where they overlap and change our lives. His current beat explores how our on-the-go existence is affected by new gadgets, carrier coverage expansions, and corporate strategy shifts.