Apple has finally released a software update to patch the major FaceTime security flaw that allowed eavesdropping on conversations on iOS devices. The fix is rolled out with the new iOS 12.1.4 update for the iPhone, iPad and iPod touch. Apart from the bug fix, the iOS update doesn’t include any new features.

While Apple had promised to release a software update to fix the flaw on 30 January, it was delayed by more than a week. According to a report by The Verge, an Apple spokesperson told the publication, “In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security.”

The security audit also covered a previously unidentified vulnerability in FaceTime's Live Photos feature. Apparently, Apple has updated its servers to block the Live Photos feature on older versions of iOS and macOS. But while the FaceTime bug can no longer be exploited, courtesy of the new iOS update, Apple has not shared any insight as to why this major security flaw occurred in the first place.

The Group FaceTime bug, which is now said to be a thing of the past, was a serious security flaw that caused Apple to take its ‘entire’ Group FaceTime server offline. The bug allowed people to eavesdrop on iPhone users’ conversations without their knowledge. It let an iPhone user listen to the other user’s audio before the recipient even answered the call. In some situations, it even transmitted video if the recipient hit the power or volume button to ignore a FaceTime call.

The FaceTime bug was originally reported to Apple by 14-year-old Grant Thompson and his mother after they discovered that one could add themselves to a Group FaceTime call and force recipients to answer the call immediately.

Notably, Apple has credited the discovery to Grant and said that it will compensate the teenager and provide an additional gift to fund his education. The payout is said to fall under Apple’s Bug Bounty program, which ‘incentivizes’ security researchers to claim a reward for submitting security bugs and vulnerabilities to the company.
