Apple releases bug fix for embarrassing security flaw that allowed FaceTime eavesdropping

Ruben Fields
February 8, 2019

Apple's embarrassing FaceTime flaw, that was discovered by a school kid playing Fortnite, has finally been fixed.

Today, Apple has released iOS 12.1.4 and a macOS Mojave 10.14.3 Supplemental Update that fixes this FaceTime bug. They only needed to call you using FaceTime, then add themselves to the call to make it a Group FaceTime call, and they could then hear your audio, even if you didn't answer. You can read the full security update details here.

Apple told outlets that a fix would come later that week, but it instead arrived this week, delivering to the iPhone 5s and later, iPad Air and later and the 6th generation iPod touch.

Apple turned off the group chat feature last week, several days after a 14-year-old boy in Tucson, Arizona, discovered the flaw.

Live Photos won't work unless you update your device as Apple has updated their servers to block the feature from devices not running the latest security update.

Mickelson Hits Every Fairway, Starts Well at Pebble Beach
Nine players were a single shot back on five under, including South Africa's Branden Grace, who played the Pebble Beach course. The 48-year-old world number 29 made five birdies on the back nine at the Monterey Peninsula Shore course.

Apple has also credited Grant for discovering the FaceTime bug in its software update, almost a week after thanking him for reporting the it in the first place.

To update an iPhone or iPad, head to Settings General Software Update on your iPhone or iPad and install the update. Macs are also getting an updated version of macOS 10.14.3 to fix the Group FaceTime flaw, as this feature is also built into that platform.

To update your Mac, open System Preferences (Apple Logo System Preferences), click Software Update and click Update Now.

While they were at it, Apple also slipped in two other security updates in the iOS and macOS releases for vulnerabilities they found Foundation and IOKit that could lead to code execution or privilege escalation.

Other reports by

Discuss This Article