Apple has issued a public apology following the discovery of a rather serious FaceTime eavesdropping bug that allowed callers to hear audio coming from the other persons phone they were calling before that person had accepted or rejected the call – a huge breach of privacy made worse by the fact the caller could also see a live video stream coming from the phone they were calling, again before the person had accepted or rejected the call.
The simplest way to explain the bug is imagining three people: Person A, Person B and Person C. – If person A called Person B, but initiated a Group FaceTime call involving Person C and hung-up before Person C answered, Person A would then begin to hear live audio coming from Person B’s iPhone or iPad if they still hadn’t accepted the call. – If Person B pressed the volume buttons on their device while the call from Person A was still coming through, Person A would then see a live video stream from Person B’s front-facing camera before they had accepted the call.
Shortly after videos of the bug went viral on Tuesday, Apple said it had “identified a fix that [would] be released in a software update” later this week, although Apple now notes the fix won’t be available until some point next week.
We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
Within the apology Apple thanks the Thompson family who reported the issue to Apple over a week before the bug went viral, although Apple failed to act upon the tip-off at the time it was initially reported.