Apple's iOS 12.1.4 Update Also Fixes Live Photos Vulnerability, FaceTime Bug Reporter to Receive Bounty and Gift Toward Education

Following the release of iOS 12.1.4, Apple today issued an apology to customers and said that it had found and fixed the Group FaceTime bug and an additional security vulnerability involving Live Photos in the ‌FaceTime‌ app.


From a statement provided to MacRumors:

Today's software update fixes the security bug in Group ‌FaceTime‌. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the ‌FaceTime‌ service and made additional updates to both the ‌FaceTime‌ app and server to improve security. This includes a previously unidentified vulnerability in the ‌Live Photos‌ feature of ‌FaceTime‌. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the ‌Live Photos‌ feature of ‌FaceTime‌ for older versions of iOS and macOS."

Going forward, Apple says that the ‌Live Photos‌ feature will not be available in ‌FaceTime‌ on older versions of iOS and macOS. Capturing a Live Photo will require iOS 12.1.4 or the new version of macOS 10.14.3. Apple is also restricting Group ‌FaceTime‌ from devices running earlier versions of iOS.

Apple in a security document released this morning outlines the specific fixes that were implemented in iOS 12.1.4 and the macOS 10.14.3 supplemental update.

Apple fixed a logic issue that existed in the handling of Group ‌FaceTime‌ calls with improved state management, and the Group ‌FaceTime‌ testing led to the discovery of the ‌Live Photos‌ issue. Apple says that the ‌Live Photos‌ bug was fixed with "improved validation on the ‌FaceTime‌ server."

Additional Foundation and IOKit bugs were fixed in iOS as well, addressing memory corruption issues that could lead to elevated privileges for applications.

Apple lists Grant Thompson of Catalina Foothills High School as one of the people who discovered the ‌FaceTime‌ bug. Thompson and his mother made multiple attempts to get into contact with Apple to inform the company of the bug well ahead of when it went public. Daven Morris of Arlington, TX is also listed as a person who discovered the vulnerability and reported it to Apple.

Apple has apologized for missing those messages and has vowed to improve its bug reporting system to make sure future bug reports are distributed to the right people. Apple will be compensating the Thompson family for finding and reporting the bug, and Apple will be providing an additional scholarship to be put towards Thompson's education.

Top Rated Comments

(View all)
Avatar
21 months ago
As much as I get annoyed at Apple these days for various things, and even though it is extremely concerning that Apple let a bug this serious slip through in the first place, I have to say overall Apple is pretty darn responsive at addressing security problems and releasing updates. I am also very glad that iPhone users don't have to rely on wireless carriers to get these security fixes.
Score: 21 Votes (Like | Disagree)
Avatar
21 months ago
I’d love to get paid for accidentally calling myself over Group FaceTime.
Score: 11 Votes (Like | Disagree)
Avatar
21 months ago
$50 gift card for them i bet and a 10% discount on a new Mac pro.
Score: 8 Votes (Like | Disagree)
Avatar
21 months ago

If this young man decides to go into security he could get into some very lucrative work in short order

There's no great white-hat hacking or technical knowledge at play here. The kid was observant, and realized it wasn't right. (Not to denigrate any technical expertise or talent that he does have - I have no knowledge.)

I’d love to get paid for accidentally calling myself over Group FaceTime

He did more than just accidentally called himself over group Facetime. He followed-through and persisted when adults basically told him "go away, kid, ya bother me!"

That persistence is a great trait, no matter WHAT profession he chooses.
Score: 7 Votes (Like | Disagree)
Avatar
21 months ago
Sounds good. But I hope it's not just a reactive bounty, but they're also looking at bounty programmes going forward.

Apple really needs to 'double down' on security. These are not minor glitches.
Score: 7 Votes (Like | Disagree)
Avatar
21 months ago
Getting an official credit like this is huge. If this young man decides to go into security he could get into some very lucrative work in short order. Congratulations to you and your family.
Score: 6 Votes (Like | Disagree)

Top Stories

iPhone 12 Lineup Rumored to Be Named 'iPhone 12 mini,' 'iPhone 12,' 'iPhone 12 Pro,' and 'iPhone 12 Pro Max'

Monday September 21, 2020 5:24 am PDT by
Leaker known as "L0vetodream" has today shared the alleged naming for the upcoming iPhone 12 lineup on Twitter. The tweet proposes that the upcoming iPhone 12 models will be titled "iPhone 12 mini," "iPhone 12," "iPhone 12 Pro," and "iPhone 12 Pro Max." The names likely correspond to the three expected sizes of iPhone 12, with the 5.4-inch model being the iPhone 12 mini, the 6.7-inch model ...

iOS 14 Widgets Offer iPhone Users Creative Home Screen Ideas

Sunday September 20, 2020 8:43 pm PDT by
Updated on September 22nd with hands on video. In iOS 14, Apple introduced ‌the concept of Home Screen‌ widgets, which provide information from apps at a glance. Widgets can be pinned to the Home Screen in various spots and sizes, allowing for many different layouts. Despite the relative lack of...

Hands-On With iOS 14 Widgets, Custom Icons, and Home Screen Setup

Tuesday September 22, 2020 3:25 pm PDT by
Apple with iOS 14 introduced widgets on the Home Screen, leading to unprecedented levels of customization for the iPhone. Combined with Shortcuts that let you change an app's icon, iOS 14 lets you create a whole new look for your Home Screen. Subscribe to the MacRumors YouTube channel for more videos. We've been following along with some of the creative alternative Home Screen designs that M...

PSA: New Apple Watch Owners Have to Return Entire Device for Ill-Fitting Solo Loop or Braided Solo Loop

Monday September 21, 2020 3:26 pm PDT by
With the Apple Watch Series 6, Apple introduced two new band options, the Solo Loop and the Braided Solo Loop. These new bands are unique because they have no clasps, buckles, or other fasteners, and instead use a stretch design to allow them to pull onto the wrist over the hand. Because these bands are not adjustable, Apple sells each one in nine different sizes to make sure each person...

Apple's iPhone 12 Event Could Happen on October 13 Based on Rumors From Mobile Operators

Wednesday September 23, 2020 11:51 am PDT by
Apple's upcoming iPhone-centric event could perhaps be held on Tuesday, October 13, according to information shared with MacRumors by an employee at a UK cellular carrier. There's no way for us to confirm the dates at this point in time nor are we sure on the credibility of the source, but even without a rumor, Tuesday, October 13 is a good guess based on Apple's historic launch timelines, ...

New Images Leak of iPhone 12 Braided USB-C to Lightning Cable

Thursday September 24, 2020 2:37 am PDT by
Rumors suggest Apple's upcoming iPhone 12 models will ship with a new Lightning to USB-C cable that includes a braided fabric design. Images of the purported cables were leaked in July, and today leaker Mr White has shared new images that give us a closer look at what we might get included in the iPhone 12 box. The photos show a USB-C to Lightning cable with a clearly braided design rather...

Interest in iOS 14 Home Screen Ideas Helps Pinterest Break Daily Download Record

Wednesday September 23, 2020 4:37 am PDT by
Apple's introduction of widgets on the Home Screen in iOS 14 has driven a surge in interest among users looking to customize their iPhone, and that has reportedly had a knock-on effect for Pinterest, whose iOS app has seen record downloads as users flock to its content seeking design inspiration. As reported by TechCrunch, App Store intelligence firm Apptopia was first to note the impact of ...

Apple Releases First Public Betas of iOS 14.2 and iPadOS 14.2 With New Shazam Control Center Options

Monday September 21, 2020 10:34 am PDT by
Apple today seeded the first public betas of upcoming iOS 14.2 and iPadOS 14.2 updates to its public beta testing group, a few days after seeding the first betas to developers and a little less than a week after releasing the iOS 14 and iPadOS 14 updates. Public beta testers who have signed up for Apple's beta testing program can download the iOS and iPadOS‌ 14.2 updates over the air after ...

Apple Emphasizes That Solo Loop May Increase in Length Over Time, Updates Sizing Guide With More Specific Instructions

Wednesday September 23, 2020 8:26 am PDT by
Apple on Tuesday updated one of its support documents to emphasize that the new silicone rubber Solo Loop for the Apple Watch may increase in length over time, as mentioned in fine print at the bottom of the Solo Loop product page. Apple has also updated its printable Solo Loop sizing guide with more specific instructions, as noted by 9to5Mac's Michael Steeber. The guide now advises users to ...

Microsoft Announces Outlook for Mac Redesign, Improvements to iOS and watchOS Apps

Tuesday September 22, 2020 8:56 am PDT by
Microsoft has today announced plans to bring a new design to its Outlook for Mac app along with several other improvements and features for Outlook on iOS and watchOS. In preparation for the public release of macOS Big Sur, Microsoft has been testing a new design for Outlook on Mac. The design includes Microsoft's Fluent icons and several design cues from Big Sur such as rounded corners....