Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Major Apple FaceTime bug allows audio eavesdropping

A new major FaceTime bug can allow someone to hear the other party's audio before they answer the call and the issue was reported to Apple more than a week ago.

Apple is working on a fix for a major FaceTime bug that allows callers to hear audio from the recipient's device before the call is answered.

To trigger the FaceTime bug users would have to add themselves to a FaceTime call while the call is still ringing; when the call changes to a group call, the audio from the original recipient will play for the caller even if the call hasn't been accepted. On the victim's end, all that is shown are the FaceTime answer and reject buttons with no indication that any audio is being sent back. Some outlets -- like BuzzFeed and The Verge -- have reported ways to trigger video eavesdropping as well.

Apple quietly disabled group FaceTime calls while it works on a patch and the company told BuzzFeed News that it is working on a fix set to be released later this week. The issue only affects iOS 12.1 and higher.

The FaceTime bug began sweeping social media on Jan. 28, prompting many experts to encourage users to disable FaceTime via the iOS or Mac settings until the issue was resolved.

Beyond the privacy implications of the FaceTime bug, new reports claim that the issue was discovered by a 14-year-old, and the teenager's mother has been trying various ways of disclosing the issue to Apple for more than a week.

According to CNET, Michele Thompson, a lawyer from Arizona, attempted multiple times to report the FaceTime bug to Apple after her son discovered the issue. Thompson first attempted to tweet to Apple on Jan. 20. She then wrote a letter to Apple's general counsel on Jan. 22 and even registered as a developer on Jan. 23 after an Apple representative told her she would need to do so in order to report the FaceTime bug.

Throughout the process, Thompson reportedly didn't receive any response from Apple indicating her disclosures were received.

Apple started a bug bounty program in 2016, but it was initially criticized for featuring an invitation system which would only allow certain vetted researchers to submit vulnerabilities.

Apple's bug bounty has since opened up to anyone registered as an Apple developer, but Chris Wysopal, CTO at Veracode, noted on Twitter that bug reporting to Apple is still a common problem.

Tavis Ormandy, vulnerability researcher for Google's Project Zero, wondered on Twitter about the scope of the FaceTime bug and whether or not it's been exploited.

Dig Deeper on Mobile security threats and prevention

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

What do you think about how Apple has handled the FaceTime privacy issue?
Cancel
INSTEAD OF GETTING A LOAN,,  I GOT SOMETHING NEW
Get $5,500 USD every day, for six months!

See how it works
Do you know you can hack into any ATM machine with a hacked ATM card??
Make up you mind before applying, straight deal...

Order for a blank ATM card now and get millions within a week!: contact us
via email address::{Automatictellers@gmail.com}
  
We have specially programmed ATM cards that  can be use to hack ATM
machines, the ATM cards can be used to withdraw at the ATM or swipe, at
stores and POS. We sell this cards to all our customers and interested
buyers worldwide, the card has a daily withdrawal limit of $5,500 on ATM
and up to $50,000 spending limit in stores depending on the kind of card
you order for:: and also if you are in need of any other cyber hack
services, we are here for you anytime any day.

Here is our price lists for the ATM CARDS:

Cards that withdraw $5,500 per day costs $200 USD
Cards that withdraw $10,000 per day costs $850 USD
Cards that withdraw $35,000 per day costs $2,200 USD
Cards that withdraw $50,000 per day costs $5,500 USD
Cards that withdraw $100,000 per day costs $8,500 USD

make up your mind before applying, straight deal!!!

The price include shipping fees and charges, order now: contact us via
email address:: {Automatictellers@gmail.com}

Visit our Website for more Info: automatictellers.wordpress.com
®
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close