Notebookcheck

Apple finally fixes eavesdropping Group FaceTime bug via iOS 12.1.4

The eavesdropping bug only occurred when callers were using the Group feature. (Source: Apple)
Apple was supposed to completely fix the eavesdropping vulnerability triggered via the Group feature in the FaceTime app last week, but it looks like the company found a few more bugs and fixed them as well. One bug is related to the Live Photos feature in FaceTime, while the other two are memory corruption flaws in IOKit and Foundation.

The FaceTime bug that dragged Apple into a lawsuit was finally patched in the latest version of iOS. Apple initially stated that it would have a patched version ready by the end of last week, but the fix took almost one more week to be released. However, Apple did deactivate the Group feature that was causing the problems last Wednesday.

With iOS 12.1.4, released on February 7, Apple also fixed two other security vulnerabilities: a memory corruption flaw in IOKit that allowed apps to execute arbitrary code with kernel privileges, and another memory corruption bug in Foundation that allowed apps to gain elevated privileges. Additionally, Apple discovered a new bug triggered by the Live Photos feature in FaceTime while trying to fix the eavesdropping vulnerability. Here is Apple’s official statement:

Today’s software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.

Apparently, the Group feature was supposed to be added in a mid-2018 version, but Apple only introduced it in late November 2018, and even with that delay, it looks like the software was not properly tested. Moreover, Apple's security infrastructure is yet again challenged by the latest bug discovered in macOS by 18-year-old Linus Henze, who claims that the operating system exposes passwords stored in the keychain to malicious apps. Apple has not yet released any statement regarding this issue.

Bogdan Solca, 2019-02-08 (Update: 2019-02-08)
Bogdan Solca - News Editor