Group FaceTime Will Remain Permanently Disabled on iOS 12.1.3 and Earlier

Friday February 1, 2019 8:53 AM PST by Joe Rossignol
Apple today issued an apology for its major FaceTime security bug that allowed for eavesdropping on calls.


"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week," said Apple in a statement issued to MacRumors and other media outlets.

For absolute clarity, we've since confirmed that this means Group FaceTime will remain permanently disabled on iOS 12.1 through iOS 12.1.3. To access Group FaceTime, users will need to update their iPhone, iPad, or iPod touch to a software update coming next week that is likely to be iOS 12.1.4.

Apple disabled Group FaceTime within hours of the bug making headlines, instantly preventing the bug from working.

Widely publicized on Monday, the FaceTime bug allowed one person to call another person via FaceTime, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.


Apple's full statement issued to MacRumors:
We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.

We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
The bug will presumably be fixed in a subsequent iOS 12.2 beta as well.

Group FaceTime debuted with iOS 12.1 in October.

Tags: FaceTime, FaceTime Listening Bug
56 comments

Top Rated Comments

(View all)
Avatar
Joe Rossignol
11 months ago

Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?

Server-side is only temporary fix.

The second they re-enable Group FaceTime, the bug would exist again on iOS 12.1 through iOS 12.1.3 (and current 12.2 betas).

So they are never re-enabling it again on <12.1.3.

They'll fix it in what should be 12.1.4, and likely in subsequent 12.2 betas, and only re-enable it on those versions.
Rating: 13 Votes
Avatar
Pelea
11 months ago
“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed apples typo.
Rating: 10 Votes
Avatar
dannyyankou
11 months ago
Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?
Rating: 7 Votes
Avatar
tpham5919
11 months ago
Heh...that's one way to ensure 100% adoption rate of the new iOS release on the first day!
Rating: 7 Votes
Avatar
genovelle
11 months ago

Oh the humanity! :eek::oops:

Wait, I use zoom for group video. Never mind. ;)

Which is owned by? And what is their security and privacy policies in use. Keep in mind companies bigger than Apple can have huge gaps that actually let bad actors take over your PayPal account to clean out your bank account, but there are almost no news reports on it. So, unless it’s Apple, you would have no idea what’s happening.
Rating: 7 Votes
Avatar
tpham5919
11 months ago

Except most people will never use group FaceTime.

Joking aside, can you cite sources to back up your assertion? I don't recall seeing one.
Rating: 5 Votes
Avatar
dan9700
11 months ago
Haven't used group facetime once since launch so not bothering me
Rating: 5 Votes
Avatar
jarman92
11 months ago

“We want to assure our customers that as soon as the media team became aware of the details necessary to reproduce the bug...”

I fixed apples typo.


Lol right, I’m sure the FaceTime team was just sitting back rubbing their hands and laughing maniacally at our misfortune.

“HA! They can listen to each other when they add themselves to their own FaceTime call! HA!”
Rating: 5 Votes
Avatar
Baumi
11 months ago

Wait, if the issue was fixed on the server side, why would it remain disabled on 12.1.3?


My uneducated guess: The fix involved some changes in the way clients and servers communicate while setting up a Group FaceTime call. Therefore, the client software needs an update to conform to the new version of the protocol.
[doublepost=1549044282][/doublepost]

When will it be safe to turn back on FaceTime in settings?


Unless you're worried that there might be other potential security issues, you can turn it on right now. The Group FaceTime exploit stopped working the moment Apple globally disabled that functionality on their end. As of now, you can use FaceTime for one-on-one calls just like before, and after installing the promised update, group calls should be working again, as well.
Rating: 4 Votes
Avatar
Kabeyun
11 months ago

When will it be safe to turn back on FaceTime in settings?

Now. Group calls just won’t work.
Rating: 3 Votes
[ Read All Comments ]