SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Apple Releases a Fix for Group FaceTime Bug — Update Now

Posted on February 15, 2019

After a couple of weeks of uncertainty following the announcement of a severe privacy flaw in one of Apple’s flagship features for iOS 12, a patch nearly entirely dedicated to fixing the problem is available for download. Relevant updates are included in iOS 12.1.4, a Supplemental Update to macOS Mojave 10.14.3, and a minor update to Shortcuts on iOS to version 2.1.3.

Let’s recap how we got here:

  • A teenager playing Fortnite with his friends sends FaceTime calls to multiple people.
  • In the process, he discovers a bug, easy to execute, that allows callers to eavesdrop on FaceTime recipients even if they do not answer the call.
  • The teen’s family tries in vain to report the issue to Apple for more than a week.
  • Tech media picks up the story and starts a firestorm.
  • Apple turns off Group FaceTime entirely and says it is aware of the problem.
  • Apple misses its initial deadline to release a fix, then announces it will pay the teen a bug bounty for being the first to discover and report the issue.

Late on Thursday, February 7, Apple finally released the fix and re-enabled the Group FaceTime servers to bring the feature back online. The company has said that there were both device-side and server-side components to the bug, but users are strongly advised to update their devices to the latest version. Without applying this update, you will remain at risk from those who may try to continue exploiting the flaw now that it’s widely known.

There are other good reasons to update your iPhone and your Mac today as well. These updates, though primarily focused on fixing the Group FaceTime flaw, also addressed several “zero-day” exploits for iOS which had already come into use on real iPhones. These two flaws were memory corruption bugs that could allow hackers to start running their own code on your device. Additionally, Apple says that a “thorough security audit” while developing the fix for Group FaceTime revealed another flaw in Live Photos. Though not detailed, it too has been fixed.

Owing to the severe nature of the bugs and the urgency of the updates, we encourage users to upgrade now if their device has not yet automatically downloaded and applied the patch on its own. 

Join our mailing list for the latest security news and deals