Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Apple's iOS 12.1.4 Update Also Fixes Live Photos Vulnerability, FaceTime Bug Reporter to Receive Bounty and Gift Toward Education
Following the release of iOS 12.1.4, Apple today issued an apology to customers and said that it had found and fixed the Group FaceTime bug and an additional security vulnerability involving Live Photos in the FaceTime app.
From a statement provided to MacRumors:
Apple in a security document released this morning outlines the specific fixes that were implemented in iOS 12.1.4 and the macOS 10.14.3 supplemental update.
Apple fixed a logic issue that existed in the handling of Group FaceTime calls with improved state management, and the Group FaceTime testing led to the discovery of the Live Photos issue. Apple says that the Live Photos bug was fixed with "improved validation on the FaceTime server."
Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.
Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the FaceTime bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.
Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.
From a statement provided to MacRumors:
Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS."Going forward, Apple says that the Live Photos feature will not be available in FaceTime on older versions of iOS and macOS. Capturing a Live Photo will require iOS 12.1.4 or the new version of macOS 10.14.3. Apple is also restricting Group FaceTime from devices running earlier versions of iOS.
Apple in a security document released this morning outlines the specific fixes that were implemented in iOS 12.1.4 and the macOS 10.14.3 supplemental update.
Apple fixed a logic issue that existed in the handling of Group FaceTime calls with improved state management, and the Group FaceTime testing led to the discovery of the Live Photos issue. Apple says that the Live Photos bug was fixed with "improved validation on the FaceTime server."
Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.
Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the FaceTime bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.
Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.
Related Roundup: iOS 12
Tags: FaceTime, FaceTime Listening Bug
[ 66 comments ]
Top Rated Comments
(View all)
11 weeks ago
As much as I get annoyed at Apple these days for various things, and even though it is extremely concerning that Apple let a bug this serious slip through in the first place, I have to say overall Apple is pretty darn responsive at addressing security problems and releasing updates. I am also very glad that iPhone users don't have to rely on wireless carriers to get these security fixes.
11 weeks ago
Sounds good. But I hope it's not just a reactive bounty, but they're also looking at bounty programmes going forward.
Apple really needs to 'double down' on security. These are not minor glitches.
Apple really needs to 'double down' on security. These are not minor glitches.
11 weeks ago
If this young man decides to go into security he could get into some very lucrative work in short order
There's no great white-hat hacking or technical knowledge at play here. The kid was observant, and realized it wasn't right. (Not to denigrate any technical expertise or talent that he does have - I have no knowledge.)
I’d love to get paid for accidentally calling myself over Group FaceTime
He did more than just accidentally called himself over group Facetime. He followed-through and persisted when adults basically told him "go away, kid, ya bother me!"
That persistence is a great trait, no matter WHAT profession he chooses.
11 weeks ago
But can't the customers just take the bug reports directly to the engineers???
No, as a software engineer myself, there’s not a company in the world that will let customers directly contact engineers, except in extreme cases where the engineers request the contact. Usually that’s only if they cannot replicate the problem or if there’s something unique about the environment where the bug happened. If companies allowed it, engineers would never get anything done. It’s the job of their managers to protect them from things that distract them from their work.Apparently, as with most large companies, there’s a problem with customer support communicating with the people necessary to get the ball rolling on fixes. Apple needs to fix that process. I don’t know if it was a matter of failure to communicate or a failure to prioritize. With something like this, I suspect the former.
11 weeks ago
Getting an official credit like this is huge. If this young man decides to go into security he could get into some very lucrative work in short order. Congratulations to you and your family.
11 weeks ago
Apple needs more "people persons" to get the bug reports from users to the engineers.
11 weeks ago
Hope the kid gets paid well for identifying this bug. Love Apple for the fast response and security update to all phones. Something Samsung are not very good at on my Note 9. Wait for ever to get any type of software push. Its painful to be honest.
11 weeks ago
I’d be very surprised if bugs that have gone unfixed for years will get any fresh attention without renewed advocacy. Resubmit them, and get anyone else you think might care to report them as well. The more users who complain about a bug, the more likely it is to get squashed.
Bingo. As someone with 25 years as a software engineer, I can guarantee there are bugs that languish for years in the bug tracking software marked as low priority. Engineers will joke about these as things that will never get fixed. The only way a low priority bug will ever get escalated is if it becomes commonplace. Most engineering managers and technical leads will never look at low priority bugs again, filtering reports only for critical and high bugs. If, for some unlikely reason, there are no critical or high bugs, then medium ones may get looked at again (not that likely). But for a company the size of Apple with the complexity of iOS/macOS/etc, I can guarantee low priority bugs will never see the light of day.[ Read All Comments ]
Tik Tok, which was pulled from the App Store in India last week to comply with a government demand to block downloads over child safety concerns, is allowed to return to the App Store, reports...
Amazon is currently discounting the latest 13-inch MacBook Pro with Touch Bar to a new all-time-low price. Specifically, this is the 2.3 GHz Quad-Core Intel Core i5 model with 8GB RAM and a 512GB...
Over four years after debuting on Android, and following a significant redesign last year, Google Fit is now available on iOS.
The fitness tracking app can track workout sessions completed...
Following a flash sale on Easter, Best Buy has returned this week with a new 4-day sale that offers discounts on the MacBook Pro with Touch Bar, iPhone X, Beats products, iPhone cases, and more. The...
iPhone XR remained the best-selling iPhone model in the United States in the first quarter of 2019, as it was in the fourth quarter of 2018, according to a survey conducted by research firm CIRP and...
Apple today seeded the third beta of an upcoming tvOS 12.3 update to its public beta testing group, one day after providing the beta to developers and two weeks after seeding the second public beta....
Apple today seeded the third beta of an upcoming macOS Mojave 10.14.5 update to its public beta testing group, a day after seeding the beta to developers and two weeks after releasing the second...
In April 2016, Beyoncé launched her sixth studio album "Lemonade" worldwide. While the album was available for Apple users to buy for $17.99 on iTunes at launch, it was never put on Apple...
