Apple's iOS 12.1.4 Update Also Fixes Live Photos Vulnerability, FaceTime Bug Reporter to Receive Bounty and Gift Toward Education - MacRumors
Skip to Content

Apple's iOS 12.1.4 Update Also Fixes Live Photos Vulnerability, FaceTime Bug Reporter to Receive Bounty and Gift Toward Education

by

Following the release of iOS 12.1.4, Apple today issued an apology to customers and said that it had found and fixed the Group FaceTime bug and an additional security vulnerability involving Live Photos in the ‌FaceTime‌ app.


From a statement provided to MacRumors:

Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS."

Going forward, Apple says that the ‌Live Photos‌ feature will not be available in ‌FaceTime‌ on older versions of iOS and macOS. Capturing a Live Photo will require iOS 12.1.4 or the new version of macOS 10.14.3. Apple is also restricting Group ‌FaceTime‌ from devices running earlier versions of iOS.

Apple in a security document released this morning outlines the specific fixes that were implemented in iOS 12.1.4 and the macOS 10.14.3 supplemental update.

Apple fixed a logic issue that existed in the handling of Group ‌FaceTime‌ calls with improved state management, and the Group ‌FaceTime‌ testing led to the discovery of the ‌Live Photos‌ issue. Apple says that the ‌Live Photos‌ bug was fixed with "improved validation on the ‌FaceTime‌ server."

Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.

Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the ‌FaceTime‌ bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.

Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.

Tags: FaceTime Guide, FaceTime Listening Bug
Related Forum: iOS 12

Popular Stories

Dynamic Island iPhone 18 Pro Feature

11 Reasons to Wait for the iPhone 18 Pro

Monday May 11, 2026 9:01 am PDT by
We're only four months out from the launch of Apple's premium next-generation smartphone lineup, and while we're not expecting a sea change in terms of functionality, there are still several enhancements rumored to be coming to the iPhone 18 Pro and iPhone 18 Pro Max. One thing worth noting is that Apple is reportedly planning a major change to its iPhone release cycle this year, adopting a...
Read Full Article35 comments
iOS 26

iOS 26.5 Features: Everything New in iOS 26.5

Monday May 11, 2026 5:09 pm PDT by
Apple released iOS 26.5 after a few months of beta testing, and while it doesn't have the Siri features we were hoping for since those are being held until iOS 27, there are a handful of useful changes worth knowing about. Subscribe to the MacRumors YouTube channel for more videos. End-to-End Encryption for RCS Support for end-to-end encryption (E2EE) for RCS messages between iPhone and...
Read Full Article64 comments
General Apps Reddit Feature

Reddit Starts Blocking Mobile Website, Pushing Users to App Instead

Monday May 11, 2026 6:10 am PDT by
Social network Reddit recently began blocking mobile visitors to its website while pushing them to download the official Reddit app, and it's fair to say that the move is not going down well with users. If you visit reddit.com on your iPhone today, you may see a new popup that can't be dismissed, asking you to "get the app to keep using Reddit." A Reddit spokesperson told Ars Technica...
Read Full Article125 comments

Top Rated Comments

motm95 Avatar
motm95
95 months ago
As much as I get annoyed at Apple these days for various things, and even though it is extremely concerning that Apple let a bug this serious slip through in the first place, I have to say overall Apple is pretty darn responsive at addressing security problems and releasing updates. I am also very glad that iPhone users don't have to rely on wireless carriers to get these security fixes.
Score: 21 Votes (Like | Disagree)
AngerDanger Avatar
AngerDanger
95 months ago
I’d love to get paid for accidentally calling myself over Group FaceTime.
Score: 11 Votes (Like | Disagree)
A
alirz
95 months ago
$50 gift card for them i bet and a 10% discount on a new Mac pro.
Score: 8 Votes (Like | Disagree)
J
jtara
95 months ago
If this young man decides to go into security he could get into some very lucrative work in short order
There's no great white-hat hacking or technical knowledge at play here. The kid was observant, and realized it wasn't right. (Not to denigrate any technical expertise or talent that he does have - I have no knowledge.)

I’d love to get paid for accidentally calling myself over Group FaceTime
He did more than just accidentally called himself over group Facetime. He followed-through and persisted when adults basically told him "go away, kid, ya bother me!"

That persistence is a great trait, no matter WHAT profession he chooses.
Score: 7 Votes (Like | Disagree)
whooleytoo Avatar
whooleytoo
95 months ago
Sounds good. But I hope it's not just a reactive bounty, but they're also looking at bounty programmes going forward.

Apple really needs to 'double down' on security. These are not minor glitches.
Score: 7 Votes (Like | Disagree)
T
tobybrut
95 months ago
But can't the customers just take the bug reports directly to the engineers???
No, as a software engineer myself, there’s not a company in the world that will let customers directly contact engineers, except in extreme cases where the engineers request the contact. Usually that’s only if they cannot replicate the problem or if there’s something unique about the environment where the bug happened. If companies allowed it, engineers would never get anything done. It’s the job of their managers to protect them from things that distract them from their work.

Apparently, as with most large companies, there’s a problem with customer support communicating with the people necessary to get the ball rolling on fixes. Apple needs to fix that process. I don’t know if it was a matter of failure to communicate or a failure to prioritize. With something like this, I suspect the former.
Score: 6 Votes (Like | Disagree)
Read All Comments