What you need to know
- Apple has temporarily disabled the watchOS 5 Walkie Talkie feature to fix a security exploit.
- The exploit, although not yet seen in the wild, could let someone eavesdrop on the iPhone paired to the Apple Watch.
- The exploit was reported to Apple using the company's "report a vulnerability" portal.
Apple has turned off Walkie Talkie, a watchOS 5 feature that allowed two users to push-to-talk to each other using the FaceTime Audio protocol in a walkie-talkie-style fashion.
The action is temporary and was taken to allow Apple time to fix a security vulnerability that could have let an attacker eavesdrop on the iPhone paired to the Apple Watch, though there's been no evidence to suggest the exploit had yet been used in the wild.
Apple provided the following statement to Matthew Panzarino of TechCrunch:
We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer's iPhone without consent. We apologize again for this issue and the inconvenience.
This follows a bug earlier this year that allowed an attacker to listen in on an iOS 12 Group FaceTime call before the call was even accepted.
Apple similarly disabled Group FaceTime for a short period of time while the bug was fixed.
That report, though, took a while to filter in to Apple. This one seems to have been been handled much faster and more directly.
There will always be bugs. It's how companies respond to them that matter. Hopefully this is a good indicator of the new normal.