Update | Group FaceGate: New iOS bug grants access to iPhone mic audio without its owner's knowledge

Update: Apple claims that its new 12.1.4 version for iOS, as well as an incremental Mojave update, has patched this vulnerability.

Apple had unveiled the novel feature of Group FaceTime on iPhones in a recent product launch. However, it appears that the latest updates to iOS - 12.1 or higher - have broken it in a serious, albeit probably inadvertent, manner. These versions have introduced a bug that allows a user to initiate a FaceTime with another individual with an iPhone, whereupon the first user can add their own number to this video chat. This makes the call a kind of auto-Group FaceTime. Crucially, it also allows the user who originally made the call to hear audio captured by the mic of the recipient before they pick up.

This was a potentially serious privacy issue that could be exploited for nefarious purposes. There are also claims in the media that a recipient could also unknowingly activate their front-facing camera if they press their power button, again before accepting the FaceTime. So far, Apple has responded to this situation by implementing a server-side shutdown of Group Face Time. Nevertheless, this bug could have put millions of users and their privacy at risk. iPhone users may be advised to disable FaceTime in their Settings until it is resolved for sure.

This represents yet another piece of bad news in an increasingly regular stream of the same for the Cupertino company. In addition, it has had an effect of premature aging on reports of a billboard commissioned for display over the convention center hosting CES this year. The ad, which touted Apple's efficacy at protecting the personal data of users, is not holding up well at this point.

Source(s)