3 min read

Update your iOS devices now against the FaceTime eavesdropping bug

Graham CLULEY

February 08, 2019

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Update your iOS devices now against the FaceTime eavesdropping bug

Last week a bug became such big news that it broke out of the technology press, and into the mainstream media – generating headlines around the globe.

The reason? A bizarre bug had been discovered in the way iPhones and iPads handled Group FaceTime calls meant that someone could potentially listen and even see you *before* you answered an incoming call.

As news of the flaw spread like wildfire on social media, Apple said it would fix the problem “later in the week” and made a change server-side that temporarily disabled all Group Facetime calls to prevent others from being at risk (much to the irritation of those hoping to prank their friends.)

The bad news for Apple grew as it not only failed to release a patch within its original estimate, but it was also revealed that a 14-year-old boy had separately discovered the problem a couple of weeks earlier, and had received no response when he attempted to report the bug to the tech giant.

Two members of the US Congress wrote to Apple CEO Tim Cook, demanding answers as to why the company had not acted immediately when the vulnerability was discovered, and how it was planning to address any harm caused to consumers.

House Energy and Commerce Committee Chairman Frank Pallone and Representative Jan Schakowsky claimed that Apple was failing to be transparent about what they described as a “serious issue.”

Meanwhile, New York Governor and Attorney General announced that they would be launching a probe into Apple’s failure to warn consumers.

Personally I do think that Apple dropped the ball somewhat in failing to take the 14-year-old’s bug report seriously when they first received it, but I find it hard to accept that the company didn’t act quickly when it understood the privacy-breaching nature of the problem.

Within hours of videos spreading rapidly on social media, and the first news reports of how to exploit the vulnerability, Apple had shut down all Group FaceTime calls – preventing others from abusing the bug.

And yes, obviously in an ideal world it would have had an iOS patch ready to roll out the next day – but the worst thing in the world would have been for Apple to have been rushed into issuing a fix that didn’t properly remediate the issue or – worse – introduced yet more flaws.

Sometimes it takes a while for code to be properly tested and quality controlled. As there was a no way for anyone to exploit the bug with Group FaceTime disabled it seems reasonable to me that Apple has only now issued an updated to iOS, iOS 12.1.4, which fixes the problem.

The update also fixes a number of other security issues, including two zero-day flaws discovered by researchers working for Google.

For many iPhone and iPad users the update will be automatically installed, but – if you want to make sure that you are protected – follow these instructions:

Click on Settings > General > Software Update, and choose Download and Install

And as for Grant Thompson, the 14-year-old high school student who first discovered the flaw? He appears to have been credited in Apple’s security bulletin about the flaw, just as any other security researcher would be.

Smart kid.

tags


Author



Right now

Top posts

Ultimate Privacy Guide for Your Facebook Account

Ultimate Privacy Guide for Your Facebook Account

August 31, 2021

6 min read
7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

7 Signs It’s Time to Use Parental Controls On Your Family’s Devices

August 27, 2021

2 min read
Your Netflix Account May Be on Sale on Darkweb. Protect It

Your Netflix Account May Be on Sale on Darkweb. Protect It

August 13, 2021

3 min read
E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Man who "scraped and sold 178 million users' data" is sued by Facebook Man who "scraped and sold 178 million users' data" is sued by Facebook
Graham CLULEY

October 26, 2021

2 min read
Microsoft Teams Rolls Out End-to-End Encryption Microsoft Teams Rolls Out End-to-End Encryption
Silviu STAHIE

October 25, 2021

1 min read
Stay Updated to Keep Ahead of Cyber Threats – Updating Chameleon Explains Stay Updated to Keep Ahead of Cyber Threats – Updating Chameleon Explains
Filip TRUȚĂ

October 25, 2021

2 min read