
Apple fixes FaceTime eavesdropping bug, but other flaws may remain

Graham CLULEY

July 19, 2016


Apple issued security updates for OS X and iOS yesterday. Have you downloaded and installed them?

Perhaps you should, because there are a number of serious vulnerabilities addressed that – if left unpatched – could leave your privacy and security in peril.

One of the flaws particularly caught my eye, because it’s easy to imagine how it could be abused by law enforcement and intelligence agencies to spy on targets without their knowledge.

The CVE-2016-4635 vulnerability could allow an unauthorised party to continue to listen in to a FaceTime call after the chatting parties believe it has concluded.

In other words, someone calls you. You think the call has finished. But in fact, without your knowledge, someone is continuing to listen in to you via your Mac or iPhone’s microphone.

Any vulnerability which suggests that iPhone and Mac users could be spied upon because of a security hole like this raises the spectre that it could be exploited not only by online criminals and fraudsters, but also by over-reaching governments.

And that’s something that Apple appears to feel very strongly about, attempting to distance itself from some of its competitors with its defiant stance against government overreach, as most recently demonstrated in its refusal to crack the San Bernardino iPhone.

Apple drily described the FaceTime vulnerability as follows in their security advisory issued yesterday:

FaceTime
Available for: OS X El Capitan v10.11 and later, iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated.

Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.

The flaw was announced as part of a security update which saw some 35 fixes for OS X El Capitan and over two dozen for iOS. More details of its nature have not yet been released, but discovery of the vulnerability is credited to self-proclaimed security geek Martin Vigo.

I went to Martin Vigo’s website expecting to see more details of what the vulnerability entailed, seeing as a fix had now been issued by Apple. But there was nothing to read about it.

Worryingly, on his Twitter account Vigo says that he has not written about the now-fixed FaceTime vulnerability because there are “other related vulnerabilities still to be fixed.”

Although it’s good that Apple has apparently fixed this FaceTime snooping vulnerability, it’s alarming to hear that there may be other as-yet-unpatched vulnerabilities still to be addressed by Apple’s security team.

Maybe those of us who rely upon FaceTime for secure communications would be wise to tread a little carefully until more is known.
