
Apple finally fixes eavesdropping Group FaceTime bug via iOS 12.1.4

The eavesdropping bug only occurred when callers were using the Group feature. (Source: Apple)
Apple was supposed to completely fix the eavesdropping vulnerability triggered via the Group feature in the FaceTime app last week, but it looks like the company found a few more bugs and fixed them as well. One bug is related to the Live Photos feature in FaceTime, while the other two are related to memory corruption flaws occurring in the IOKit and Foundation.

The FaceTime bug that dragged Apple into a lawsuit was finally patched in the latest version of iOS. Apple initially stated that it would have a patched version ready by the end of last week, but the fix took almost one more week to be released. However, Apple did deactivate the Group feature that was causing the problems last Wednesday.

With iOS 12.1.4, which was released on February 7, Apple also managed to fix two other security vulnerabilities: a memory corruption flaw in IOKit that allowed apps to execute arbitrary code with kernel privileges, and another memory corruption bug in Foundation that allowed apps to gain elevated privileges. Additionally, Apple discovered a new bug triggered by the Live Photos feature in FaceTime while trying to fix the eavesdropping vulnerability. Here is Apple’s official statement:

Today’s software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.

Apparently, the Group feature was supposed to be added in a mid-2018 version, but Apple only introduced it in late November 2018, and even with that delay, it looks like the software was not properly tested. Moreover, Apple's security infrastructure is yet again challenged by the latest bug discovered in macOS by 18-year-old Linus Henze, who claims that the operating system exposes passwords stored in the keychain to malicious apps. Apple has not yet released any statement regarding this issue.

Bogdan Solca, 2019-02-08 (Update: 2019-02-08)