A serious bug has been discovered that lets iOS users hear audio from another device without that person’s consent.
The bug is triggered when placing a FaceTime call to a contact and then adding yourself to the chat again using Group FaceTime. This causes the recipient’s audio to start playing on the first device, even if they don’t answer the call. It’s a very specific sequence of events that’s unlikely to be triggered by mistake, but one that could be easily exploited now it’s out in the open.
Even worse, if the recipient presses the power button to reject the call under these circumstances, FaceTime can actually start broadcasting audio and video as if the call was accepted. I think we can agree that’s very much not okay.
Thankfully, steps have already been taken to resolve the problem. Within hours of the bug being exposed on Twitter, Group FaceTime was remotely disabled by Apple – and will likely remain offline until a permanent fix is in place. The exploit requires Group FaceTime to work, so shutting the service off completely should keep everybody safe for the time being. An Apple spokesperson says a permanent fix will be released alongside iOS 12.2 later this week.
However, once iOS 12.2 fixes the problem, it’s unclear whether Group FaceTime will be reactivated for everyone or just for those who install the update. We hope the latter, else anyone slow to update their software could become vulnerable again. In the meantime, if you’re worried you can disable Facetime entirely using the toggle found in Settings > FaceTime.
This is a bad error, and it’s crazy that Apple’s software team let a bug of this caliber make it into a public release. That said, in times like these it’s worth remembering that the speed of security updates is a vital but invisible perk of the Apple ecosystem. Mistakes happen, and a mistake like this on an Android device would take much longer to remedy.
Still, this is a pretty embarrassing flaw for Apple considering how hard it’s been banging the privacy gong of late!