Apple's iOS 12.1.4 Update Also Fixes Live Photos Vulnerability, FaceTime Bug Reporter to Receive Bounty and Gift Toward Education

Following the release of iOS 12.1.4, Apple today issued an apology to customers and said that it had found and fixed the Group FaceTime bug and an additional security vulnerability involving Live Photos in the ‌FaceTime‌ app.


From a statement provided to MacRumors:

Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS."

Going forward, Apple says that the ‌Live Photos‌ feature will not be available in ‌FaceTime‌ on older versions of iOS and macOS. Capturing a Live Photo will require iOS 12.1.4 or the new version of macOS 10.14.3. Apple is also restricting Group ‌FaceTime‌ from devices running earlier versions of iOS.

Apple in a security document released this morning outlines the specific fixes that were implemented in iOS 12.1.4 and the macOS 10.14.3 supplemental update.

Apple fixed a logic issue that existed in the handling of Group ‌FaceTime‌ calls with improved state management, and the Group ‌FaceTime‌ testing led to the discovery of the ‌Live Photos‌ issue. Apple says that the ‌Live Photos‌ bug was fixed with "improved validation on the ‌FaceTime‌ server."

Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.

Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the ‌FaceTime‌ bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.

Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.

Related Forum: iOS 12

Top Rated Comments

motm95 Avatar
39 months ago
As much as I get annoyed at Apple these days for various things, and even though it is extremely concerning that Apple let a bug this serious slip through in the first place, I have to say overall Apple is pretty darn responsive at addressing security problems and releasing updates. I am also very glad that iPhone users don't have to rely on wireless carriers to get these security fixes.
Score: 21 Votes (Like | Disagree)
AngerDanger Avatar
39 months ago
I’d love to get paid for accidentally calling myself over Group FaceTime.
Score: 11 Votes (Like | Disagree)
alirz Avatar
39 months ago
$50 gift card for them i bet and a 10% discount on a new Mac pro.
Score: 8 Votes (Like | Disagree)
jtara Avatar
39 months ago
If this young man decides to go into security he could get into some very lucrative work in short order
There's no great white-hat hacking or technical knowledge at play here. The kid was observant, and realized it wasn't right. (Not to denigrate any technical expertise or talent that he does have - I have no knowledge.)

I’d love to get paid for accidentally calling myself over Group FaceTime
He did more than just accidentally called himself over group Facetime. He followed-through and persisted when adults basically told him "go away, kid, ya bother me!"

That persistence is a great trait, no matter WHAT profession he chooses.
Score: 7 Votes (Like | Disagree)
whooleytoo Avatar
39 months ago
Sounds good. But I hope it's not just a reactive bounty, but they're also looking at bounty programmes going forward.

Apple really needs to 'double down' on security. These are not minor glitches.
Score: 7 Votes (Like | Disagree)
killawat Avatar
39 months ago
Getting an official credit like this is huge. If this young man decides to go into security he could get into some very lucrative work in short order. Congratulations to you and your family.
Score: 6 Votes (Like | Disagree)

Popular Stories

maxresdefault

Review: M1 Max MacBook Pro After Three Months

Wednesday January 19, 2022 11:30 am PST by
It's now been a few months since the M1 Pro and M1 Max MacBook Pro models launched in October, and MacRumors video editor Dan Barbera has been using one of the new machines since they debuted. Over on the MacRumors YouTube channel, Dan has shared a three month review of his MacBook Pro to see how it has held up over time and how it's changed his workflow. Subscribe to the MacRumors YouTube ...
airpodsinear 1

AirPods Save Woman's Life With Feature Everyone Should Know

Friday January 21, 2022 2:13 am PST by
Apple's AirPods have been credited with saving a woman's life after a potentially fatal fall, People reports. When a 60-year-old florist in New Jersey tripped and hit her head in her studio, she lost consciousness and awoke heavily bleeding. With nobody around to call for help, she realized she had her AirPods in, and used a "Hey Siri" command to call 911. An operator was able to stay on the ...
iphone se 2020 top

New iPhone SE Likely to Launch in April Based on Production Timeframe

Wednesday January 19, 2022 6:44 am PST by
Apple suppliers will begin producing display panels for the third-generation iPhone SE this month, with final assembly of the device likely to start in March, according to information shared by display industry consultant Ross Young. Based on this production timeframe, Young believes the third-generation iPhone SE is likely to launch in the second half of April, or perhaps in early May at...
iphone 13 earpods

Apple to Stop Including EarPods With Every iPhone Sold in France From Next Week

Friday January 21, 2022 3:21 am PST by
Apple will no longer include EarPods with every iPhone sold in France, starting on January 24, according to a notice posted by a French carrier (via iGeneration). Apple was previously required to include EarPods in the box with the iPhone due to a French law that required every smartphone sold in the country to come with a "handsfree kit," but the law has now been changed in favor of reducing the ...
Spring 2022 Apple Products Feature

New iPad Air, Macs, and iPhone SE With 5G Likely to Be Announced at Apple Event This Spring

Thursday January 20, 2022 8:32 am PST by
Earlier this week, Bloomberg's Mark Gurman tweeted that Apple "will be holding a spring event" to announce a new iPhone SE and other hardware. In a recent edition of his newsletter, Gurman said the event is likely to occur in March or April. Gurman did not elaborate on what "other hardware" will be announced at Apple's purported spring event, but rumors suggest at least four products are...
appleeducation

Apple's US Education Store Now Requires Institution Verification to Buy Discounted Products

Wednesday January 19, 2022 2:22 am PST by
Apple is now requiring that customers in the United States verify that they're active students, teachers, or staff members at an educational institution in order to access education discounts on products. Previously, little verification was needed for customers to purchase products through Apple's education store in the United States. Apple's education stores offer models of the iPad and Mac ...
AirPods 3 New Firmware Feature

Apple Updates AirPods 3 Firmware to Version 4C170

Tuesday January 18, 2022 11:46 am PST by
Apple today released a new 4C170 firmware update for the AirPods 3, an update from the prior 4C165 that was made available in December. Apple does not offer details on what's included in new firmware updates for the AirPods‌, so we don't know what improvements or bug fixes the new firmware brings. There is no standard way to upgrade the ‌AirPods‌‌ software, but firmware is...
appleprivacyad cleaned

iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

Thursday January 20, 2022 3:32 am PST by
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update. With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
apple watch series 7 aluminum colors yellowbg

Apple Watch Charging Bug Fixed in watchOS 8.4 Release Candidate

Thursday January 20, 2022 4:01 pm PST by
The watchOS 8.4 release candidate that was seeded to developers and beta testers this morning addresses an ongoing bug that could cause some Apple Watch chargers not to work properly with the Apple Watch. Back in December, we reported on a growing number of charging issues that Apple Watch Series 7 owners were facing. Since watchOS 8.3, there have been a number of complaints about...