A serious FaceTime Group Call bug has been discovered that lets you instantly access audio from the microphone and potentially the video of the person you called on FaceTime.
February 1, 2019: Apple has sent me a new statement:
"We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us."
Here's the previous statement Apple provided:
"We're aware of this issue and we have identified a fix that will be released in a software update later this week."
UPDATE: Apple has turned off the Group FaceTime service, effectively killing the bug and any potential exploit, until a proper fix is pushed out.
UPDATE: Apple has taken down FaceTime Group Calls to prevent anyone from abusing the bug before the fix is pushed out.
News of the audio bug first started making the rounds on social.
Now you can answer for yourself on FaceTime even if they don’t answer🤒#Apple explain this.. pic.twitter.com/gr8llRKZxJ
— Benji Mobb™ (@BmManski) January 28, 2019
It was then picked up and reproduced by 9to5Mac and Buzzfeed, among others, where the video portion of the bug was discovered.
And, thanks to Continuity, if you have multiple devices logged into FaceTime and running iOS 12 or macOS Mojave, the chaos is exponential — all the devices will ring and can potentially be used to access the respective device mics.
After years of relative inactivity, with iOS 12, Apple greatly enhanced and expanded FaceTime. In addition to Memoji and AR stickers, Apple added FaceTime Group Calls, which finally allowed for multi-user coherence calling on FaceTime.
It appears to be that new conference calling system that's allowing the remote mic and potential camera exploit to function.
As always, bugs happen, so all we can do is wait and see how well and quickly Apple fixes it. Which, according to the statement, should be very soon.
