Apple found itself in serious trouble last week when a teenager discovered a critical FaceTime bug that threatened the security of nearly every iPhone user. The bug let a caller using Group FaceTime access either the microphone or the camera of a recipient before they answered the call. According to Apple, the issues have been fixed in an iOS 12.1.4 update released Thursday, Feb. 7.
News of the critical Group FaceTime issues broke on Monday, Jan. 28. As reported, if you started a FaceTime video call but the other person wasn't answering, you could use the Group FaceTime feature to add your own phone number to the pending call. This allowed you to hear the person you were trying to reach before they answered.
If the recipient pressed the Side or Sleep/Wake button to mute the ringing, or if you answered the call to yourself on another device, you would have been able to access the camera on the recipient's iPhone, even though they never answered.
There may also have been more ways to intercept audio or video through FaceTime, and Apple may have known about the issue over one week before the general public. The mother of the teenager who discovered the vulnerabilities in FaceTime tweeted at Apple CEO Tim Cook on Jan. 20, asserting her son had discovered the security flaw, and that they had already submitted bug reports to Apple that went ignored.
The teenager and mother were hoping to collect a bug bounty, but since Apple's bug bounty program is invite-only, it's a difficult task to get a vulnerability like this into its hands for review. Even reporting small bugs is a difficult task (we've had issues with Apple misinterpreting bug reports we've filed as normal behavior and then ignoring responses thereafter). However, an Apple exec reportedly met with Grant Thompson, the teenager, and his mother, and will be making an exception with a bug bounty reward.
Apple pulled Group FaceTime functionality for everyone on Jan. 28, and has restored it only for those running this new update. Apple's System Status webpage says "please update your software" to start using Group FaceTime again.
Apple's security report for iOS 12.1.4 also lists a fix for an issue with Live Photos during FaceTime video calls. While it's unknown what the issue was, Apple states it was "addressed with improved validation on the FaceTime server." Apple also fixed a few memory corruption issues that allowed apps to gain elevated privileges and execute arbitrary code.
To download the new update, open the Settings app, tap "General," then select "Software Update." Follow the on-screen instructions to download and install iOS 12.1.4. If you have iOS 12's new "Automatic Updates" enabled, your iPhone will install the update for you overnight.