Apple fixes FaceTime Group Call bug: What you need to know

A serious FaceTime Group Call bug was discovered that lets you instantly access audio from the microphone and potentially the video of the person you called on FaceTime. The bug was fixed, but new issues have arisen in its place.

Update: February 18, 2019: FaceTime bug fix removes the 'Add Person' feature for one-to-one calls

Apple pushed out iOS 12.1.4 recently to fix the security bug with Group FaceTime. The fix, it appears, is in part, to keep the "Add Person" feature disabled for FaceTime calls that start out as one-to-one calls. As discovered by MacRumors forum members, when starting a FaceTime call with a single person, you can't add a person to that call.

Though some FaceTime users also reported not being able to add a second person, even during a call that started as a Group call, I was able to successfully start a Group call with two others, and add a fourth person.

It's important to note that you can't Group FaceTime with anyone not running iOS 12.1.4. If your friends are still running an older version of iOS, or if they're in the beta program (which hasn't pushed out a Group FaceTime bug fix yet), their names will be grayed out and you won't be able to start or add them to a Group FaceTime call.

According to a FaceTime user that contacted Apple Support, the Add Person bug is a known issue, with no information about whether or when it will return.

The following is the original article regarding the issue.

February 1, 2019: Apple has sent me a new statement:

"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us."

Here's the previous statement Apple provided:

"We're aware of this issue and we have identified a fix that will be released in a software update later this week."

UPDATE: Apple has turned off the Group FaceTime service, effectively killing the bug and any potential exploit, until a proper fix is pushed out.

UPDATE: Apple has taken down (opens in new tab) FaceTime Group Calls to prevent anyone from abusing the bug before the fix is pushed out.

News of the audio bug first started making the rounds on social.

See more

It was then picked up and reproduced by 9to5Mac and Buzzfeed, among others, where the video portion of the bug was discovered.

And, thanks to Continuity, if you have multiple devices logged into FaceTime and running iOS 12 or macOS Mojave, the chaos is exponential — all the devices will ring and can potentially be used to access the respective device mics.

After years of relative inactivity, with iOS 12, Apple greatly enhanced and expanded FaceTime. In addition to Memoji and AR stickers, Apple added FaceTime Group Calls, which finally allowed for multi-user coherence calling on FaceTime.

It appears to be that new conference calling system that's allowing the remote mic and potential camera exploit to function.

As always, bugs happen, so all we can do is wait and see how well and quickly Apple fixes it. Which, according to the statement, should be very soon.

○ Video: YouTube
○ Podcast: Apple | Overcast | Pocket Casts | RSS
○ Column: iMore | RSS
○ Social: Twitter | Instagram

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • So much for privacy and security eh Rene?
  • A software bug doesn't mean that a company doesn't care about privacy. In fact Apple have responded very quickly to this issue, showing that they care.
  • It does mean, though, that their software development process, and testing process in particular, disregards sufficient security auditioning, which, of course, saves a lot of money. Software testing is the most expensive part of modern software engineering. Hence, when you want to save money, you test less. It is one thing to talk about security and privacy. It is another thing to do it. Talk is cheap, engineering is not.
  • We don't know how much they spend on security auditioning, you've just focused on this particular issue. Apple rarely has these kind of security issues, these things do happen albeit rarely. Human error will always exist, even with super stringent processes, if humans are involved, mistakes will be made somewhere down the line.
  • No. Software quality is always proportional to the money and effort spent on it. My colleagues in the aerospace industry do not produce code like this. They cannot afford to do so. Hence, the development process is testing oriented and expensive, unlike Apple's. The same developers will produce s*itty code when they move to the consumer arena, not because they are suddenly less talented, but because the process has a different emphasis. Software companies would like you to believe that "bugs happen" and "there are always mistakes." No. Software quality can be extremely reliably controlled. It does not just randomly happen.
  • In the aerospace industry I imagine things move a lot slower in terms of software development. iOS releases come thick and fast, with a major update annually and significant updates throughout the year. Are you asking for Apple to release less and fix more? There has to be a balance.
  • appolgist 100%. This comment proved the JJK has copious amounts of apple kool aid in his veins.
  • I'd love for you to be in a job where you're constantly hounded to meet very high standards under a very short deadline. You can't ask for the impossible, there has to be an equilibrium.
  • I am. The only difference in my job peoples lives are at stake not someone's weird love of apple.
  • It's still a very different kind of job. Programming is like putting a puzzle together, one piece in the wrong place and it completely ruins the picture. I think you need to be a programmer to understand how easy it is for these things to happen. In fact, look at it this way: No version "1.0" software is ever perfect, they always have bugs, finding a piece of software at version 1.0 without bugs is incredibly rare. In addition, Group FaceTime is still quite a new thing. It might sound like I'm being an apologist, but honestly bugs happen all the time, it just so happens that this one created a situation which was much more serious. Unlucky for Apple, and unlucky for whoever this negatively affected
  • Glug glug glug . Down goes the kool aid.
  • If you're not going to provide anything useful to the discussion then that makes you the troll that you claim you're not.
  • Apple knew about this on the 20th. They should have “pulled Group FaceTime due to an unknown issue”, back then.
    They haven’t reacted quickly at all.
    They kept quiet as usual.
  • How do you know that they knew? Are you psychic?
  • Read the thread on Macrumors.
  • We don't really know how many bug reports Apple got about this, never mind how many bug reports they probably get in a single hour. What we can learn from this is that Apple needs a better priority system with their bug reports. They need to be able to pick serious issues up like this when people report them amongst the thousands of other bug reports they receive, whether it's a computer system analysing the bug report to determine the priority, or a combination of that and the user indicating the priority itself. Things related to privacy and security should be the highest priority
  • Nice of you to concede that they knew about it on the 20th.
  • That's not what I said at all. I said it was probably lost in a sea of bug reports, so they didn't really know about it. But like I said, it's still Apple's fault that this happened and they should improve their prioritisation when it comes to bug reports.
  • Emeroid, No use trying to use common sense and logic with Danny, Rene and the other shills here.
  • I'd agree when talking about some of those in direct employ not so much the others. It's why I only come here when bored. Used to visit a lot here and ModMyi way back when.
  • I'm using logic, I'm a programmer and I know how easy it is for bugs to happen. It's just unlucky that this one affected people's privacy. That's it, that's the be all and end all of this situation. A bug happens, and people move on.
  • No. You don’t. You you apple blinders.
  • There's so much keyboard rage that you can't even use the right word. If you're going to add a comment, add something useful to the discussion. Programming can be a very thankless job because people don't understand the intricacies of the system and how easy it is to break something
  • Knew you would be in to defend them. However if it were android or Windows, you and other apple apologists would in with bells on.
  • Actually, it’s the exact opposite—what you’re guilty of is the defense mechanism termed “projection.”
  • And I knew you would be in to attack them. Takes two to tango.
  • So then why tango with them?
  • Because someone has to call out trolls on their bulls***. I'm not really defending, I'm just explaining. Apple made a mistake, I can't defend that, but they still care about privacy.
  • Not a troll. A realist. I use apple products, but I am not a corporate shill. I don't suck the corporate teet like Danny, rene and the other appologists. BIG DIFFERENCE. They (appoligists), come in to forums claiming that apple is all about security and privacy, or this or that. THEY ARE ALL THE SAME. Google, Apple, Microsoft etc. THEY ARE ALL THE SAME. Now, use what you use and enjoy the products. I do, I would never have anything but an iPhone. The features I use are just not there on android. I wish apple would open up to windows desktops/laptops more for their users who do not wish to use Macs for various reasons. I will, however, call out the TRUE BULLSHIT which is the fanboys in here on their obvious crap!
  • I think they're pretty much the same too. Their actions are all pretty similar, admittedly they are all after the green and that's pretty hard to ignore.
  • Exactly. Of course they are all the same, Apple just cloaks their greed behind flashy marketing and kool aid.
  • This has nothing to do with the topic at hand really. A bug was found, that just so happened to invade people's privacy which created a news headline. Another news story on the same level would be that grass is green. Bugs happen, deal with it.
  • HA HA. YES of course bugs happen. I agree. HOWEVER......Don't go all holy'er then thou claiming you are all about security, privacy etc, when you knew about a massive bug days before squashing it. COME ON. take the apple teet out of our mouth and your blinders off.
  • The news articles suggest Apple knew about it before because some people reported it on the bug tracker and on Twitter. Now look at it from Apple's angle, they have a Twitter and bug report page full of thousands of requests, how do you see that particular one from all the rest?
  • Well I personally believe they care more about people's privacy than other companies, and I believe that because of their actions and the precautions they put in place in their software, but that's just what I believe. We'll agree to disagree.
  • Apple reality distortion field in full effect here folks.
  • Like I said; we'll agree to disagree.
  • Honestly don’t care. Hardly used FaceTime at all. I simply stick to SNS message and FaceTime voice for everything else. People want privacy yet own a computer. Sadly as long as one owns a computer this is always going to be the end result. Not saying this isn’t an issue but the fear mongering over this is simply just stupid at best. This isn’t the first or last FaceTime issue, so why bother flipping over it. If someone wants to listen in to you ****ing your spouse turn your phone off (the obvious thing to do here) or let em, cause at least you can put them on blast as the call will obviously still be in your history later. Software and hardware will always have exploits (hence Jailbreaking), so you always get the good with the bad.
  • Publicly known exploits are rare on iOS, you do get a lot of privacy, but obviously you never get 100%, and it varies greatly depending on what services you use (I'm looking at you, Facebook).
  • Why are you looking at Facebook?
  • He should be looking at his iPhone, MacBook etc!
  • I don't know whether Emeroid misunderstood my comment and you just responded to it, or whether you both misunderstood it. The basic thing I was getting at, was that using Facebook on your iPhone greatly decreases your privacy.
  • Using Facebook isn't great for your privacy. It's a saying, I'm not physically looking at Facebook
  • Settle down. He and I obviously know what you are saying, I made a joke about it. You are claiming using facebook reduces your privacy, I countered that using your ipad and iPhone reduces your privacy as well. See what is going on there?
  • Using any kind of technology reduces your privacy, but Apple does a pretty good job IMHO. Bugs happen.
  • Again, you are missing my point since you are blinded by the kool aid. Yes, apple does a good job. HOWEVER, for years and years, apple and their lemmings have been CROWING about how secure, and private their devices and services are.....THEY are NO BETTER than anything else. That's my point. Microsoft, Apple, Google etc. THEY ARE ALL THE SAME. To claim apple cares about your privacy more than any other platform is silly, and just plain WRONG. They care about your MONEY!
  • Well I personally believe they care more about people's privacy than other companies, and I believe that because of their actions and the precautions they put in place in their software, but that's just what I believe. We'll agree to disagree
  • Apple reality distortion field in full effect here folks!
  • As I said, we'll agree to disagree.
  • "Apple added FaceTime Group Calls, which finally allowed for multi-user coherence calling on FaceTime" Yeah, those incoherent FaceTime calls are a PITA. "As always, bugs happen" Yep. So do typos.