Apple's iOS 12.1.4 Update Also Fixes Live Photos Vulnerability, FaceTime Bug Reporter to Receive Bounty and Gift Toward Education

Following the release of iOS 12.1.4, Apple today issued an apology to customers and said that it had found and fixed the Group FaceTime bug and an additional security vulnerability involving Live Photos in the ‌FaceTime‌ app.


From a statement provided to MacRumors:

Today's software update fixes the security bug in Group ‌FaceTime‌. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the ‌FaceTime‌ service and made additional updates to both the ‌FaceTime‌ app and server to improve security. This includes a previously unidentified vulnerability in the ‌Live Photos‌ feature of ‌FaceTime‌. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the ‌Live Photos‌ feature of ‌FaceTime‌ for older versions of iOS and macOS."

Going forward, Apple says that the ‌Live Photos‌ feature will not be available in ‌FaceTime‌ on older versions of iOS and macOS. Capturing a Live Photo will require iOS 12.1.4 or the new version of macOS 10.14.3. Apple is also restricting Group ‌FaceTime‌ from devices running earlier versions of iOS.

Apple in a security document released this morning outlines the specific fixes that were implemented in iOS 12.1.4 and the macOS 10.14.3 supplemental update.

Apple fixed a logic issue that existed in the handling of Group ‌FaceTime‌ calls with improved state management, and the Group ‌FaceTime‌ testing led to the discovery of the ‌Live Photos‌ issue. Apple says that the ‌Live Photos‌ bug was fixed with "improved validation on the ‌FaceTime‌ server."

Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.

Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the ‌FaceTime‌ bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.

Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.

Top Rated Comments

motm95 Avatar
27 months ago
As much as I get annoyed at Apple these days for various things, and even though it is extremely concerning that Apple let a bug this serious slip through in the first place, I have to say overall Apple is pretty darn responsive at addressing security problems and releasing updates. I am also very glad that iPhone users don't have to rely on wireless carriers to get these security fixes.
Score: 21 Votes (Like | Disagree)
AngerDanger Avatar
27 months ago
I’d love to get paid for accidentally calling myself over Group FaceTime.
Score: 11 Votes (Like | Disagree)
alirz Avatar
27 months ago
$50 gift card for them i bet and a 10% discount on a new Mac pro.
Score: 8 Votes (Like | Disagree)
jtara Avatar
27 months ago
If this young man decides to go into security he could get into some very lucrative work in short order
There's no great white-hat hacking or technical knowledge at play here. The kid was observant, and realized it wasn't right. (Not to denigrate any technical expertise or talent that he does have - I have no knowledge.)

I’d love to get paid for accidentally calling myself over Group FaceTime
He did more than just accidentally called himself over group Facetime. He followed-through and persisted when adults basically told him "go away, kid, ya bother me!"

That persistence is a great trait, no matter WHAT profession he chooses.
Score: 7 Votes (Like | Disagree)
whooleytoo Avatar
27 months ago
Sounds good. But I hope it's not just a reactive bounty, but they're also looking at bounty programmes going forward.

Apple really needs to 'double down' on security. These are not minor glitches.
Score: 7 Votes (Like | Disagree)
killawat Avatar
27 months ago
Getting an official credit like this is huge. If this young man decides to go into security he could get into some very lucrative work in short order. Congratulations to you and your family.
Score: 6 Votes (Like | Disagree)

Top Stories

2021 mbp sd slot feature2

Kuo: New MacBook Pro Models With HDMI Port and SD Card Reader to Launch Later This Year

Monday February 22, 2021 8:52 pm PST by
Apple plans to release two new MacBook Pro models equipped with an HDMI port and SD card reader in the second half of 2021, according to analyst Ming-Chi Kuo, who outlined his expectations in a research note obtained by MacRumors. The return of an SD card reader was first reported by Bloomberg's Mark Gurman last month. "We predict that Apple's two new MacBook Pro models in 2H21 will have...
m1 mac mini

M1 Mac Users Report Excessive SSD Wear

Tuesday February 23, 2021 7:07 am PST by
Over the past week, some M1 Mac users have been reporting alarming SSD health readings, suggesting that these devices are writing extraordinary amounts of data to their drives (via iMore). Across Twitter and the MacRumors forums, users are reporting that M1 Macs are experiencing extremely high drive writes over a short space of time. In what appear to be the most severe cases, M1 Macs are sai...
iphone 12 pro display video

BOE Rumored to Supply iPhone 13 Display Panels After iPhone 12 Failures

Monday February 22, 2021 9:54 am PST by
Display manufacturer BOE will be one of the main suppliers of OLED panels for iPhone 13 models, according to a new report today from Taiwan's Economic Daily News. BOE is said to be working with touch panel manufacturer General Interface Solution (GIS), part of the Hon Hai Group to develop OLED panels. Multiple iPhone 12 rumors suggested that BOE would supply some panels for the devices,...
mac security privacy

Apple Takes Step to Prevent Further Spread of 'Silver Sparrow' Malware on Macs

Monday February 22, 2021 6:13 am PST by
Over the weekend, we reported on the second known piece of malware compiled to run natively on M1 Macs. Given the name "Silver Sparrow," the malicious package is said to leverage the macOS Installer JavaScript API to execute suspicious commands. After observing the malware for over a week, however, security firm Red Canary did not observe any final payload, so the exact threat to users remains a...
jon prosser imac 2021colors

Prosser: 2021 iMac to Come in Five Colors, Apple Silicon Mac Pro to Resemble 'Stacked' Mac Minis

Wednesday February 24, 2021 7:26 am PST by
Hit-and-miss leaker Jon Prosser has today alleged that the upcoming 2021 iMac models will offer five color options, mirroring the colors of the fourth-generation iPad Air, and revealed a number of additional details about the Mac Pro with Apple Silicon. In a new video on YouTube channel FrontPageTech, Prosser explained that the redesigned iMacs will come featuring options for Silver, Space ...
whatsapp privacy banner

WhatsApp Reveals What Happens to Users Who Don't Agree to Upcoming Privacy Policy Changes

Sunday February 21, 2021 1:11 am PST by
WhatsApp has revealed how it will gradually limit the features available to accounts held by users who do not accept the platform's impending privacy policy changes, due to come into effect on May 15. WhatsApp's new banner explaining the privacy policy changes According to an email seen by TechCrunch to one of its merchant partners, WhatsApp said it will "slowly ask" users who have not yet...
new airpods leaked image 52audios

Alleged Leaked Image Claims to Show Third-Generation AirPods and Case

Sunday February 21, 2021 2:49 am PST by
A new image claims to offer our first real world look at Apple's next-generation AirPods. The image, shared by 52audio, showcases both AirPods and the charging case for what the site claims to be the third iteration of the wireless earbuds. 52audio has in the past shared images claiming to showcase different parts of the third-generation AirPods. Most notably, the site in November shared...
anker magsafe powercore battery pack

Anker Releases MagSafe-Compatible Battery Pack for iPhone 12 Lineup

Tuesday February 23, 2021 7:49 am PST by
Following rumors that Apple is working on a MagSafe battery pack for iPhone 12 models, popular accessory maker Anker has beaten Apple to the punch with the release of its PowerCore Magnetic 5K Wireless Power Bank. First previewed at CES 2021, the PowerCore battery pack magnetically attaches to the back of any iPhone 12 model and provides 5W of wireless charging. With a 5,000 mAh capacity,...
iPad Pro Mini LED

New iPad Pro and MacBook Models With Mini-LED Displays Again Rumored to Launch This Year

Monday February 22, 2021 9:32 pm PST by
Taiwanese company Ennostar will begin production of Mini-LED backlight units for an upcoming 12.9-inch iPad Pro in the late first quarter or second quarter of this year, according to industry sources cited by DigiTimes. Ennostar is a holding company that was jointly established in January 2021 by LED-related manufacturers Epistar and Lextar Electronics. Apple is expected to unveil the new ...
14

iOS 14.5 to Make Zero-Click Attacks 'Significantly Harder'

Monday February 22, 2021 9:05 am PST by
Apple's impending iOS and iPadOS 14.5 update will make zero-click attacks considerably more difficult by extending PAC security provisions, according to Motherboard. Apple has made a change to the way in which it secures its code in the latest betas of iOS 14.5 and iPadOS 14.5 to make zero-click attacks much harder. The change, spotted by security researchers, has now been confirmed by...