Apple has pushed iOS 12.1.4 to iPhone and iPad users, fixing a security bug that allowed users to eavesdrop on people before accepting a FaceTime call.
The software giant moved quickly to disable Group FaceTime on its servers to prevent anyone from exploiting the bug after news of the bug spread quickly on Twitter. After three days of downtime, Apple restored the video video calling feature but promised that a software update would land this week.
The update says that it “provides important security updates and is recommended for all users,” without specifically referencing the Group FaceTime bug. But in its usual separate notice detailing security updates, Apple confirmed the bug is fixed.
“Today’s software update fixes the security bug in Group FaceTime,” said an Apple spokesperson. “We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.”
The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled getting in contact the company before the bug was discovered elsewhere.
Apple will compensate the Thompson family for finding the bug and will offer an additional gift to his education.