Notebookcheck
, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Apple finally fixes eavesdropping Group FaceTime bug via iOS 12.1.4

The eavesdropping bug only occurred when callers were using the Group feature. (Source: Apple)
The eavesdropping bug only occurred when callers were using the Group feature. (Source: Apple)
Apple was supposed to completely fix the eavesdropping vulnerability triggered via the Group feature in the FaceTime app last week, but it looks like the company found a few more bugs and fixed them as well. One bug is related to the Live Photos feature in FaceTime, while the other two are related to memory corruption flaws occurring in the IOKit and Foundation.
Bogdan Solca,

Working For Notebookcheck

Are you a techie who knows how to write? Then join our Team! English native speakers welcome!

News Writer - Details here

The FaceTime bug that dragged Apple into a lawsuit was finally patched in the latest version of iOS. Apple initially stated that it would have a patched version ready by the end of last week, but the fix took almost one more week to be released. However, Apple did deactivate the Group feature that was causing the problems last Wednesday.

With the iOS 12.1.4 version that was released on February 7 Apple also managed to fix two other security vulenrabilities: a memory corruption flaw in the IOKit that allowed apps to execute arbitrary code with kernel privileges, and another memory corruption bug in Foundation that allowed apps to gain elevated privileges. Additionally, Apple discovered a new bug triggered by the Live Photos feature in FaceTime while trying to fix the eavesdropping vulnerability. Here is Apple’s official statement:

Today’s software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.

Apparently, the Group feature was supposed to be added in a mid-2018 version, but Apple only introduced it in late November 2018, and even with that delay, it looks like the software was not properly tested. Moreover, Apples security infrastructure is yet again challenged with the latest bug discovered in macOS by 18-year-old Linus Henze, who claims that the operating system exposes passwords stored in the keychain to malicious apps. Apple has not yet release any statement regarding this issue.

, , , , , ,
search relation.
, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,
 

Source(s)

static version load dynamic
Loading Comments
Comment on this article
Bogdan Solca
Bogdan Solca - Senior Tech Writer - 1565 articles published on Notebookcheck since 2017
I first stepped into the wondrous IT&C world when I was around seven years old. I was instantly fascinated by computerized graphics, whether they were from games or 3D applications like 3D Max. I'm also an avid reader of science fiction, an astrophysics aficionado, and a crypto geek. I started writing PC-related articles for Softpedia and a few blogs back in 2006. I joined the Notebookcheck team in the summer of 2017 and am currently a senior tech writer mostly covering processor, GPU, and laptop news.
contact me via: Facebook
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 02 > Apple finally fixes eavesdropping Group FaceTime bug via iOS 12.1.4
Bogdan Solca, 2019-02- 8 (Update: 2019-02- 8)