Skip to main content

Apple Disables Group Facetime Following Eavesdrop Bug

by Chris Brook on Monday August 22, 2022

Contact Us
Free Demo
Chat

The bug, which quickly went viral Monday night, affected Apple's group FaceTime feature and allowed iOS users to eavesdrop on other iOS users.

Apple says it plans to remedy a nasty FaceTime bug that allowed iPhone owners to spy on other iPhone users later this week. Until then the company has disabled the culprit behind the bug, FaceTime's group chat feature, to minimize the damage for users.

Apple acknowledged there was an issue with FaceTime Monday night, at 10:16 p.m., with an update to its system status page: "Group FaceTime is temporarily unavailable."

The issue appears to be connected to a logic flaw in the way iOS handles group calls. While not currently reproducible, the bug essentially tricked a user's phone into thinking a group call is ongoing. Once the original caller on a FaceTime call calls a user and adds themselves to a group chat, they can hear audio - and in some instances see video - from the recipient's phone, even if they haven't answered the call.

As news of the bug went viral, across Twitter and Reddit Monday night, iOS users found that if they pressed the power button or the volume down button during a group chat with an unsuspecting user they could see video from the other user - again, even if they didn't agree to the call.

While group FaceTime remains unavailable, Apple says it plans a proper fix sometime later this week.

“We’re aware of this issue and we have identified a fix that will be released in a software update later this week,” an Apple spokesperson said.

Even Rob Joyce, special assistant to the President and cybersecurity coordinator at the White House, warned of the issue late Monday, urging users to disable FaceTime until Apple pushed a patch.

The bug was reportedly found eight days ago by a 14-year-old amateur security researcher, it just wasn't reported to the Apple's reporting channel for security bugs, it was reported to Apple's Support team.

Apple fan site 9to5mac.com, one of the first publications to warn of the bug, shortly after 6 p.m. EST on Monday, said it believed the issue affected any pair of iOS devices, as long as they're running iOS 12.1 or later.

It's probably safe to say the bug was recently - at some point in the last several months - introduced to iOS. Natalie Silvanovich, a researcher with Google's Project Zero, outlined last month how she fuzzed FaceTime calls on iOS and Mac machines. Her work produced three vulnerabilities in FaceTime, an out-of-bounds read, a stack corruption vulnerability, and a kernel heap corruption issue, all of which were fixed in iOS 12.1, released on October 30.

Apple just released an update for iOS 12 - iOS 12.1.3 - last week but it appears it won't be the last the company pushes this month.

Tags:  Apple Mobile Security

Recommended Resources

The Definitive Guide to Data Loss Prevention
The Definitive Guide to Data Loss Prevention

All the essential information you need about DLP in one eBook.

6 Cybersecurity Thought Leaders on Data Protection
6 Cybersecurity Thought Leaders on Data Protection

Expert views on the challenges of today & tomorrow.

Digital Guardian Technical Overview
Digital Guardian Technical Overview

The details on our platform architecture, how it works, and your deployment options.