FaceTime Bug That Lets People Spy on Others Demoed in Video [Updated]
There's a major issue affecting FaceTime right now, which all MacRumors readers should be aware of. A bug with Group FaceTime can let someone force a FaceTime call with you, giving them access to your iPhone, iPad, or Mac's video and audio even when you don't accept the FaceTime call.
In the video below, we demonstrate how the bug works. We do not condone MacRumors readers invading peoples' privacy, and these video is meant to make it clear how simple it is to exploit this bug to emphasize its seriousness.
As outlined in our original post on the issue, this FaceTime bug is very easy to exploit. All someone needs to do is call you and then add their own number to the FaceTime call to force a connection with you.
From there, they can hear your audio, even though on your end, it looks like the call wasn't accepted yet. If you hit the power button to make the call go away, it gives the person on the other end access to your camera. This bug can be initiated on an iPhone and it affects iOS and macOS devices running current software, including iOS 12.2.
This is a huge privacy issue and while Apple says a fix is coming "later this week," iPhone and Mac users concerned about spying should turn off FaceTime all together. Enabling Do Not Disturb also appears to work as a preventative measure.
Update: Apple appears to have temporarily addressed the issue by disabling Group FaceTime calls server side. On Apple's System Status page, Group FaceTime is listed as unavailable.