
Apple issued a partial fix for recent FaceTime spying bug


On Friday, Apple announced that the recently discovered FaceTime issue has been partially fixed; the company plans to release a complete update next week.

Apple experts implemented a server-side patch, but the Group FaceTime feature will be enabled again next week.

The vulnerability in Apple FaceTime lets a caller hear the audio of the person being called before they pick up, by adding the caller's own number to a group chat.

On the receiver’s side, it appears as if the call still hasn’t been answered.

The bug was discovered by Grant Thompson, a 14-year-old from Arizona, who attempted to report the flaw to Apple for more than 10 days without success.

“There’s a major bug in FaceTime right now that lets you connect to someone and hear their audio without the person even accepting the call,” reads a thread published on MacRumors.

“This bug is making the rounds on social media, and as 9to5Mac points out, there are major privacy concerns involved. You can force a FaceTime call with someone and hear what they’re saying, perhaps even without their knowledge. 

We tested the bug at MacRumors and were able to initiate a FaceTime call with each other where we could hear the person on the other end without ever having pressed the button to accept the call.”

The flaw affected iOS versions 12.1 and 12.2, and macOS Mojave.


Just after the bug was disclosed, Apple suspended the Group FaceTime feature.

Apple has officially thanked Thompson for reporting the bug and apologized for the delay in receiving the report. The company has promised to improve the process for receiving reports such as the one related to the FaceTime issue.

“We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process,” reads the statement issued by Apple.

“We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix.”

New York Governor Andrew M. Cuomo and Attorney General Letitia James announced a probe into the failure to report the flaw to customers and the delay in responding to the report.

“In the wake of this egregious bug that put the privacy of New Yorkers at risk, I support this investigation by the Attorney General into this serious consumer rights issue and direct the Division of Consumer Protection to help in any way possible,” Governor Cuomo announced. “We need a full accounting of the facts to confirm businesses are abiding by New York consumer protection laws and to help make sure this type of privacy breach does not happen again.”

“This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years,” said Attorney General James.

“My office will be conducting a thorough investigation into Apple’s response to the situation, and will evaluate the company’s actions in relation to the laws set forth by the State of New York. We must use every tool at our disposal to ensure that consumers are always protected.”


Pierluigi Paganini

(SecurityAffairs – FaceTime bug, privacy)
