This week's sponsor

The Clock

The Best World Clock.


Apple Releases iOS Update to Fix FaceTime Bug and Compensates Teen Who Discovered the Problem

Today, Apple issued an update to iOS that fixes the serious bug that we reported on last week, which could be exploited to eavesdrop on someone using FaceTime. With iOS 12.1.4 in place, Apple has turned Group FaceTime back on server-side too, but it will only work with the updated version of iOS and later releases.

In a statement to MacRumors, BuzzFeed, and other media outlets Apple said:

Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.

In the security update notes released alongside the update, Apple credits Grant Thompson, the teenager who first reported the bug, along with Daven Morris of Arlington, Texas.

FaceTime

Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation

Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer

Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.

CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX

According to Nicole Nguyen of BuzzFeed, Apple is also compensating Thompson’s family and making a gift towards his education:

Unlock MacStories Extras

Club MacStories offers exclusive access to extra MacStories content, delivered every week; it's also a way to support us directly.

Club MacStories will help you discover the best apps for your devices and get the most out of your iPhone, iPad, and Mac. Plus, it's made in Italy.

Starting at $5/month, with an annual option available. Join the Club.

A Club MacStories membership includes:

  • MacStories Weekly newsletter, delivered every week on Friday with app collections, tips, iOS workflows, and more;
  • Monthly Log newsletter, delivered once every month with behind-the-scenes stories, app notes, personal journals, and more;
  • Access to occasional giveaways, discounts, and free downloads.