Apple today released a new iOS 12.1.4 update for the iPhone, iPad, and iPod touch, with the new software designed to fix an insidious privacy-invading Group FaceTime bug that could be exploited to eavesdrop on conversations.
The new iOS 12.1.4 software can be downloaded on all eligible devices over-the-air using the Settings app. To download it, go to Settings --> General --> Software update.
Though Apple's release notes for the update list "security updates" without going into specifics, the issue that's being fixed here is the Group FaceTime vulnerability. After the bug was widely publicized last week, Apple promised a fix, which was delayed to this week.
The FaceTime bug allowed someone to spy on you without your permission or knowledge. By exploiting the bug, a person could initiate a FaceTime call with you and then add themselves to the call again to force a Group FaceTime connection.
When this happened, the bug caused the person to be able to hear the audio on your end, despite the fact that the call was never answered and still looked like a standard FaceTime incoming call interface. In some situations, if you pressed the side button to silence a call, it would even give the person access to your video.
It was a serious bug, so serious that Apple took its entire Group FaceTime server offline as the company took the time to prepare the iOS 12.1.4 update. The Group FaceTime bug was publicized last Monday and Group FaceTime has been offline since then.
The Group FaceTime bug may have required some major under-the-hood changes to FaceTime given that it took Apple nearly two weeks to fix the issue. Following today's update, the Group FaceTime bug will no longer be able to be exploited and Apple will be able to bring its Group FaceTime server back online.
It continues to be unclear just how long the Group FaceTime bug was available for. Group FaceTime was introduced last October, and Apple has not let us know if the bug has been around since that launch date or if it was introduced in a later iOS 12 update.
Top Rated Comments
(View all)Still really digging the all caps "MAJOR" in the title of the video, but I think the thumbnail needs more work to really grab people's attention.
So is Group FaceTime re enabled server side? Or do they wait for a certain percent to upgrade? Those on 12.1.3 will still be vulnerable correct?
I presume Group FaceTime is re-enabled server side for all those who make a FaceTime call with the newest version of iOS. It probably remains disabled for earlier versions.Imagine if this problem was on Android, users would be waiting for years (probably forever) for an update fix it.
It’s about time Apple. Only a week behind......but who even uses Group FaceTime anyways? Might as well update just in case
Should they have rushed out a fix to save a week? They disabled it on the server side.You people are priceless.
Just installed phone seems a lot more responsive.
I believe the canonical expression is "snappier."but who even uses Group FaceTime anyways?
Really? Broaden your imagination. This is a _huge_ tool for companies for communicating when they can’t congregate together or if employees are spread about, or family members that are set apart that can’t can see each other regularly.The Agency that I work for, is already planning on using group FaceTime for when we have a scheduled meeting, when not all the employees can attend because we work different shifts/hours. I would say this a nice advantage to have when I can be at home and talk to my supervisor/other fellow colleagues direct with this new feature.