Today, Apple issued an update to iOS that fixes the serious bug that we reported on last week, which could be exploited to eavesdrop on someone using FaceTime. With iOS 12.1.4 in place, Apple has turned Group FaceTime back on server-side too, but it will only work with the updated version of iOS and later releases.
In a statement to MacRumors, BuzzFeed, and other media outlets Apple said:
Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.
In the security update notes released alongside the update, Apple credits Grant Thompson, the teenager who first reported the bug, along with Daven Morris of Arlington, Texas.
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX
According to Nicole Nguyen of BuzzFeed, Apple is also compensating Thompson’s family and making a gift towards his education:
Benjamin Mayo of 9to5Mac, reporting on a serious iOS bug just discovered for FaceTime:
A significant bug has been discovered in FaceTime and is currently spreading virally over social media. The bug lets you call anyone with FaceTime, and immediately hear the audio coming from their phone — before the person on the other end has accepted or rejected the incoming call.
Naturally, this poses a pretty privacy problem as you can essentially listen in on any iOS user, although it still rings like normal, so you can’t be 100% covert about it. Nevertheless, there is no indication on the recipient’s side that you could hear any of their audio.
Mayo continues by listing the details of how to reproduce the bug yourself when calling someone else, which involves a few very simple steps that anyone can perform. The simplicity of reproduction makes this bug especially dangerous.
Following up on Mayo's report, Dieter Bohn of The Verge shared that things get even worse:
To recap: due to this FaceTime bug, which appears to affect all devices running iOS 12.1 or later, any caller can gain access to another user's microphone feed while the call is ringing. And if the person receiving the call in that scenario tries to dismiss the call, it may unintentionally be answered, activating the device's camera as well.
Apple gave the following statement to John Paczkowski of BuzzFeed:
Hopefully 'later this week' ends up translating to the next day or two, as some serious havoc could be wrought by this bug on unsuspecting users. Until that software update is released, we strongly recommend disabling FaceTime from Settings ⇾ FaceTime on your devices, or at the very least be aware that incoming calls you receive could be tapping into your microphone without your consent.
Today following its Brooklyn keynote event, Apple released iOS 12.1, the first major update since September's iOS 12 brought Shortcuts, Screen Time, and more. Version 12.1 adds over 70 new emoji, introduces Group FaceTime with up to 32 participants, and lastly 2018's iPhones get upgrades via camera improvements and dual SIM support.
Following commercials for the iPhone 5's Music and Photos apps, Apple's "Every Day" campaign is back today with a new television ad called "FaceTime Every Day". As we expected, the commercial -- available on YouTube and Apple's website -- focuses on FaceTime video calling.
The new commercial, similarly to Music Every Day, isn't primarily aimed at highlighting the technology behind FaceTime or the features of the app; rather, it emphasizes how FaceTime can seamlessly fit into everyday life and turn remote "face to face communication" into something worth enjoying and remembering. Something as natural as talking to another person, but made possible by technology.
A girl shows her engagement ring to, perhaps, her mother or a friend who's not there with her; a man sends a kiss to his significant other (after having made sure nobody is watching); bits of life around the world -- fireworks, an empty apartment, kids playing in the backyard -- are shared with FaceTime.
There is no feature checklist. There are no flying robots in a post-apocalyptic scenario or references to wives and Tegra chipsets. The simple idea of connecting people is the checklist. "Every day, more people connect face to face on the iPhone than any other phone". There's no mention of FaceTime in the commercial, because there doesn't need to be: "FaceTime" may be in the ad's name, but the iPhone experience is the product being advertised.
We have embedded the commercial below. Read more
As noted by poster "macrob" on MacTalk's forums, the Apple Australian webpage for the recently announced iOS 6 suggests FaceTime over cellular will work on the iPhone 4 and iPad 2 in Australia. As indicated in a fine print at the bottom of the page (point 4), "FaceTime over a cellular network requires iPhone 4 or later, or iPad 2 or later with cellular data capability. Carrier data charges may apply. FaceTime is not available in all countries". This compares to Apple's other iOS 6 Preview webpages, where Apple states "FaceTime over a cellular network requires iPhone 4S or iPad (3rd generation) with cellular data capability".
Announced earlier this week by Scott Forstall at WWDC, FaceTime over cellular wasn't given exact specifications on stage during the keynote; on Apple's iOS 6 Preview webpage, a number of features -- such as VIP list and Shared Photo Streams -- are shown as available only on newer devices, as collected by MacRumors in this list. It appears Apple's Australian website is the only one to report FaceTime over cellular as compatible with the iPhone 4 and iPad 2; every other webpage says the feature will only work on the iPhone 4S and iPad 3.
It is unclear whether the fine print on Apple's Australian website could have been posted by mistake, or if Apple really is planning on supporting older devices for Australian customers. While technically possible as a number of jailbreak tweaks have shown in the past years, some have speculated Apple might want to limit FaceTime over cellular to newer devices due to their improved antenna design and networking capabilities over older generation models.
We have reached out to Apple for comment and we'll update this story with clarifications when available.
Update: Apple's Australian website has been updated to clarify FaceTime over cellular will work on the iPhone 4S or iPad 3.
Apple doesn't just make a handsome phone — the iPhone has plenty of unique features that separate it from the competition. A pair of new iPhone commercials are taking the stage tonight, putting AirPlay and FaceTime in the spotlight. The commercials, both featuring the same catchy background jingle we've become familiar in the "If you don't have an iPhone" series, show off just how easy it is to use the iPhone for sharing photos, videos, and conversations across the Apple TV, Mac, and iPad. While the commercials do come off a bit bumptious as usual in this series, the AirPlay commercial does a great job of showing off just how easy it is to stream media to your television or play music wirelessly through your home stereo system. AirPlay is something I've come to love in iOS 4 on my iPad and iPod touch, and I'm glad to see it getting its own air time in Apple's latest set of commercials. Past the break we've posted both videos for your viewing enjoyment.
According to a report posted by website Apple-wd.com [Google Translation], the iOS 5 beta seeded to developers earlier this week doesn't come with the FaceTime restrictions in Middle East countries we first covered back in October. Soon after Apple started removing graphics and mentions of FaceTime from its Saudi Arabia eight months ago, the company released an official document detailing the carriers that were not supporting FaceTime video calls on iOS -- the document is still available here and shows Saudi Arabia and United Arab Emirates having FaceTime unavailable on certain carriers.
Other reports also confirmed FaceTime for Mac wasn't showing Middle East countries as supported ones in the app's preferences, which left us wondering why would the Mac version go under the same "rules" if a carrier wasn't needed at all. Well, according to Apple-wd the iOS 5 beta has FaceTime working between iPhones in Saudi Arabia from STC and Mobily, as seen in the screenshot above.
Apple-wd speculates this might be a good indication of iOS 5 finally easing carrier restrictions on FaceTime which, as spotted at the WWDC keynote slides, is getting improvements for video call quality and may even work on 3G come the final release. However, it's also possible that carriers will update their configuration files when iOS 5 is released publicly to block FaceTime again.
9to5mac has posted a screenshot passed along by a reader, in which iOS 5 shows an alert box asking the user to turn on cellular data or WiFi to use FaceTime. By playing around with the iOS 5 preferences in Settings->General->Network, we've found how to replicate the "issue": turn off Cellular Data in the Network tab, open FaceTime's prefs inside the Settings app, and you should get the alert box. If it doesn't come up, try to turn FaceTime off and on again, making sure Cellular Data is still set to off. iOS 5 will tell you that you need data (3G) or WiFi to use FaceTime.
This could be big news for iPhone and iPad owners as FaceTime is currently restricted to WiFi networks, with many obviously speculating that the carriers forced Apple to make FaceTime available only on faster WiFi connections. On the other hand though, it needs to be mentioned that the jailbreak tweaks that enabled FaceTime on 3G on iOS 4.3 proved that, with less than optimal 3G speeds, FaceTime could be pretty terrible without WiFi.
However, there's one last piece to consider: at the WWDC '11 keynote, a slide showed by Scott Forstall on stage briefly hinted at improved video quality coming in FaceTime on iOS 5, alongside mid-call invitation alerts. See the image from This Is My Next's liveblog:
Whether this means iOS 5 will finally bring the possibility to video call on the go it's unclear at this point, and there's a very good chance the alert box above is simply an iOS bug from the first beta. Or, Apple could be really working closely with selected carriers to enable FaceTime on 3G, at no additional costs.
After the music video shot entirely using the iPad 2's cameras, here comes another one -- this time from Canadian band The Blue Stones -- which features a couple of iPhone 4s and FaceTime. The video itself was recorded using an HD camera (you can tell from the 1080p option available in the Youtube embed), but band members had the idea to add a unique geek twist to the whole concept, and play the song back recording everything via FaceTime.
Duct tape was used to cover the FaceTime UI on the iPhones (pretty much like movie directors constantly modify the iPhone's on-screen interface to maintain the "fiction" effect) and, overall, the result is interesting. If only because it shows how much popular iOS devices have become over the years and how FaceTime video quality is far from perfect most of the times (unlike Apple's webpages suggests in the screenshots).
Check out the video below. [via TUAW]