Having previously promised a software update to address a mind-bogglingly huge privacy flaw in FaceTime, Apple today released iOS 12.1.4 and Mojave 10.14.3 (18D109) with patches to fix the issue. The updates are currently making their way through Apple’s software update servers, becoming fully available to all users throughout the day.
Colloquially referred to as the “FacePalm” bug, the privacy flaw was reported to Apple in January by 14-year-old Grant Thompson and his attorney mother Michele, but remained unaddressed by the company for roughly a week. During a Fortnite session, Thompson discovered that initiating a Group FaceTime call enabled any FaceTime user to instantly begin hearing microphone audio from a ringing remote device, and under some circumstances would begin seeing video from the device, as well.
After reports of the issue began to spread on social media, Apple issued a statement promising to fix its software last week, and disabled the Group FaceTime server that was impermissibly streaming audio and video. The company later apologized and delayed the software update until this week, while thanking users for their patience as the patch was tested.
According to CNBC, an unnamed Apple executive flew out to Tucson, Arizona late last week to meet with the Thompsons and discuss improvements to the bug reporting system. The company has offered to pay Grant an unspecified reward for discovering the issue, which the Thompsons have said will go into his college fund — potentially for studying software engineering, which has become even more interesting to him based on this situation.
Today’s update is expected to redraw the lines for iOS and macOS support of the Group FaceTime feature, which previously required iOS 12.1 or macOS 10.14.1 to operate. Going forward, Group FaceTime will only work on iOS 12.1.4, macOS 10.14.3 (18D109), or newer. A watchOS update may also be forthcoming.
Apple’s patch notes suggest that it has addressed not only the FacePalm bug but also a previously unknown issue with FaceTime and Live Photos, as well as a Mac privileges exploit discovered by Google. On the Mac side, Apple’s version number is somewhat confusing. The January 22 release of macOS 10.14.3 carried the obscure build number suffix 18D42. Rather than calling the patched version 10.14.3.1, Apple updated 10.14.3’s build number to 18D109. It is available to users as macOS Mojave 10.14.3 Supplemental Update.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here