Apple has temporarily disabled its Group FaceTime feature in iOS and macOS to fix a major security flaw. A bug in Apple’s FaceTime video calling feature has allowed anyone to call a phone or Mac and listen in before the other person picks up. The flaw works by adding yourself to a FaceTime call before the recipient picks up, tricking FaceTime into thinking it’s an active call and forcing the person you’re actually calling to start transmitting audio.
Apple has now disabled the Group FaceTime feature on the server side, and reports suggest this has fixed the security flaw for most people. Some are still able to reproduce the flaw, but it’s likely that Apple is still in the process of replicating this across multiple servers. Apple is also planning to fix this on the client side with a software update later this week, but in the meantime it’s probably worth disabling FaceTime in the iOS settings. On the Mac, you can disable FaceTime by opening the app, then Preferences, then unchecking “Enable this account.”
The flaw could have existed for three months
Group FaceTime was originally introduced on October 30th with iOS 12.1, following a delay to its scheduled introduction. A lockscreen security flaw was discovered within days of the iOS 12.1 release, involving the new Group FaceTime feature. It’s not clear how long this latest FaceTime flaw has existed, but it could have been exploited for as long as three months.
Apple is naturally moving quickly to address this and protect iPhone, iPad, and Mac users worldwide. New York governor Andrew Cuomo issued a consumer alert late on Tuesday to warn residents of New York about the FaceTime security bug. “The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk,” says Governor Cuomo. “In light of this bug, I advise New Yorkers to disable their FaceTime app until a fix is made available, and I urge Apple to release the fix without delay.”