Posted February 15, 2019
After a couple of weeks of uncertainty after reporting a serious privacy error in one of Apple's flagship features for iOS 12, a patch is almost entirely dedicated to fixing the issue available for download. Relevant updates are included in iOS 12.1.4, an additional update to macOS Mojave 10.14.3, and a minor update to iOS shortcuts to version 2.1.3.
Let's see how we got here:
- A teenager who plays Fortnite with his friends sends FaceTime calls to several people.
- In the process, he discovers an easy-to-execute error that allows callers to listen to FaceTime receivers, even if they do not respond to the call.
- Teenager's family are trying in vain to report the problem to Apple for more than a week.
- Tech media picks up the story and starts a four-storm.
- Apple turns off Group FaceTime completely and says it's aware of the problem.
- Apple misses its first deadline to release a solution, announcing that it will pay the teenager a debugger to be the first to discover and report the problem.
By Thursday, February 7, Apple finally finalized the repair and re-enabled the Group FaceTime servers to bring the feature back online. The company has said that there were both device components and the server side of the error, but users are strongly advised to update the devices to the latest version. Without using this update, you will remain at risk from those who can try to continue exploiting the error now that it is widely known.
There are other good reasons to update your iPhone and your Mac today as well. These updates, but primarily focused on fixing the Group FaceTime error, also addressed several "zero-day" utilities for iOS that were already in use on real iPhones. These two errors were error correction errors that could allow hackers to start running their own code on the device. In addition, Apple says that a "thorough security review" while developing the Group FaceTime solution showed another error in Live Photos. Although not detailed, it has also been resolved.
Due to the serious nature of the bug and the need for updates, we encourage users to upgrade now if the device has not downloaded automatically and installed the patch itself.