Following the discovery of a serious privacy bug in its FaceTime feature for iOS and macOS, Apple has issued a statement apologizing for the issue — and delaying a previously expected software update until next week.
Originally discovered roughly two weeks ago by Arizona teenager Grant Thompson, the bug enabled a FaceTime caller to surreptitiously listen in on audio near another user’s ringing FaceTime device. If the FaceTime call recipient silenced the ringing by pressing one of the device’s physical buttons rather than rejecting the call on the screen, the caller might have been able to see video broadcast from the device, as well.
The bug was determined to be related to a recent expansion of FaceTime, called Group FaceTime. Though Apple reportedly waited six or more days from initial contact with the teenager’s mother to address the issue, a growing number of shocked users on social media led the company to temporarily disable Group FaceTime on the server side and to promise a software update by week’s end.
Apple’s statement reads as follows:
“We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.
“We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.”
As details of the Thompson family’s efforts to reach Apple became clear, the company’s longstanding bug reporting process was rightly criticized for delaying its response. Rather than responding to the family’s earliest emailed reports, company representatives put Mrs. Thompson, an attorney, through an official bug reporting gauntlet, which included signing up for a developer account to file a ticket on the company’s bug radar. She memorialized her multiple contacts with the company over the course of several days, including a formal legal letter of notice, and later detailed them to members of the media. Despite her efforts, Apple didn’t take any public action until journalists reported that they had successfully replicated the bug.
Allegedly affected users in the U.S. and Canada have already started the process of filing lawsuits against Apple, claiming privacy invasions due to the bug. Similarly, New York’s Attorney General Letitia James and Governor Andrew Cuomo announced an investigation into the bug and Apple’s response time.