Apple has released a fix for the FaceTime bug that let people eavesdrop on the people they were calling.
Released on Thursday, February 7, iOS 12.1.4 reactivates FaceTime’s group call feature that allowed the bug to be exploited. Apple switched off the feature last week after news of the bug went viral.
To update the operating system on your iPhone, iPad, or iPod Touch, head to Settings, then tap on General, and Software Update. Finally, hit Download and Install.
While Apple has fixed the flaw, the issue rumbles on for the tech giant after it emerged that the U.S. House of Representatives’ Energy and Commerce Committee and its sub-committee on consumer protection had become involved.
Its members sent a letter to Apple CEO Tim Cook on Tuesday demanding answers on a range of issues relating to the incident.
In the letter, the committee described the FaceTime vulnerability as a “significant privacy violation” and it wanted to know why it apparently took the company more than a week to acknowledge the issue and disable the group call function.
Indeed, it’s been established that Apple had been contacted a number of times about the flaw by 14-year-old Grant Thompson and his mother in the week leading up to Apple’s acknowledgment of the bug’s existence. But the company never responded to their initial messages. Whether this is because it never saw them has yet to be established, though the company insisted in a recent statement that “as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix.”
In the committee’s letter, the lawmakers included six questions to help it “better understand when Apple first learned of this security flaw, the extent to which the flaw has compromised consumers’ privacy, and whether there are other disclosed bugs that currently exist and have not been addressed.”
Meanwhile, it’s been confirmed that Grant Thompson, who discovered the vulnerability purely by accident when he was trying to contact friends using Apple’s video chat app, will receive a reward via the company’s bug bounty program, which encourages security researchers to submit details of software bugs in exchange for a cash payout.
Rolling out the FaceTime fix, Apple said: “We again apologize to our customers and we thank them for their patience,” adding that iDevices running anything earlier than iOS 12.1.4 will not be able to use the group call feature on FaceTime.
Finally, Apple said that while working to fix the bug, it discovered a previously unidentified vulnerability in the Live Photos feature of FaceTime. As a result, the company said that the Live Photos feature will not be available for older versions of FaceTime on iOS and MacOS. In other words, snapping a Live Photo now requires iOS 12.1.4 or MacOS 10.14.3 for Mac computers.
