Apple fixes Group FaceTime privacy issue with iOS 12.1.4, macOS Mojave supplemental update...

Posted:
in iOS edited February 7
Apple has released an update to iOS bringing it up to 12.1.4, and a supplemental update to macOS Mojave with both updates re-enabling Group FaceTime by fixing a security hole that potentially allowed others to listen in to private conversations without the user's permission.




Released to iOS devices, the update targets just Group FaceTime, which was disabled shortly after the discovery of the security issue. While Apple noted on Friday it has already deployed a fix to its servers, a further update was required for the affected devices as well, one that is now being made available to users.

While the update follows on from iOS 12.1.3, the previous public version of the mobile operating system, it doesn't seem that there are any other changes made to the software, aside from the FaceTime fix.

Currently, Apple is working on betas for iOS 12.2, macOS 10.14.4, and tvOS 12.2, with the version numbers suggesting the releases will be more major than in previous updates. Outside the discovery of other security holes, it is unlikely there will be another release under the iOS 12.1 prefix.

The Group FaceTime exploit was relatively simple to perform, with the caller starting a FaceTime video call with a contact, then while the call is ringing, they added themselves to the call as a third party using their phone number. If properly executed, the Group FaceTime call commenced, with the original recipient's audio streaming before the call is accepted.

It has been suggested Apple may be preparing to provide the 14-year-old discoverer of the exploit, Grant Thompson, an award under the company's bug bounty scheme, after it became widely publicized on Twitter.

Devices not updated with Thursday's patches will not be allowed to access Group FaceTime.

Comments

  • Reply 1 of 8
    rob53rob53 Posts: 2,010member
    That was a quick fix! Now maybe all the crooked lawyers will back off. 
    lostkiwiwatto_cobra
  • Reply 2 of 8
    Mike WuertheleMike Wuerthele Posts: 4,431administrator
    rob53 said:
    That was a quick fix! Now maybe all the crooked lawyers will back off. 
    I wouldn't bet on it.
    jbdragonkruegdudeMisterKitlostkiwi
  • Reply 3 of 8
    lkrupplkrupp Posts: 6,952member

    Devices not updated with Thursday's patches will not be allowed to access Group FaceTime.
    Good idea. Taking care of those who refuse to update.
    JFC_PAcaladanianlostkiwi
  • Reply 4 of 8
    "Devices not updated with Thursday's patches will not be allowed to access Group FaceTime."

    - IT Security Staff everywhere, release a collective sigh of relief! 
    JFC_PAcaladanianlostkiwi
  • Reply 5 of 8
    Nice of kindly Apple to give something to the kid that discovered this. Of course, after it being publicized, Apple not addressing it when reported, etc. Three cheers for Apple!
  • Reply 6 of 8
    GHammer said:
    Nice of kindly Apple to give something to the kid that discovered this. Of course, after it being publicized, Apple not addressing it when reported, etc. Three cheers for Apple!
    The lack of a public comment in one week doesn’t mean that they’re sitting around eating bon bons. I work. in enterprise software and our turnarounds are usually longer. 
    watto_cobra
  • Reply 7 of 8
    I guess they never turned it on or I have to wait for them to turn on the server? Because I still cannot make a Group FaceTime chat with a group of people unless i am doing something wrong.
  • Reply 8 of 8
    Nevermind. I figured it out.
Sign In or Register to comment.