The iOS 12.1.4 software update has been released by Apple which patches the Group FaceTime privacy bug which let Apples users to make call via the FaceTime video chat service and hear or see you even before you pick up the call without your knowledge.
The Facetime bug dubbed as CVE-2019-6223 was discovered by 14-year-old Grant Thompson of Catalina Foothills High School while he was trying to set up a Group FaceTime session with his friends. He reported the bug to the company a week before it was made public and the group calling feature in the app had to be temporarily disabled.
Apple stated in their advisory that the bug was as a logic issue that resided in the handling of Group FaceTime calls. Apple has credited Daven Morris of Arlington, Texas along with Thompson, in their official advisory for reporting this bug.
Media reports says that Apple has agreed to compensate the family and help the teenager’s future education costs as part of its Bug Bounty program even though the amount was not disclosed.
Two More In-The-Wild Zero-Day Flaws Discovered
Three more security vulnerabilities were also patched in the iOS 12.1.4 update out of which two were reportedly being exploited in the wild. These were discovered by the security researchers at Google Project Zero. The last bug was also related to FaceTime which was discovered by the Apple security team.
- CVE-2019-7286: a memory corruption issue that let a malicious application to gain elevated privileges on the vulnerable Apple device.
- CVE-2019-7287: a memory corruption issue that could let a malicious application to execute arbitrary code with kernel privileges.
- CVE-2019-7288: this is another FaceTime flaw where the issue is with Live Photos.
All the users are highly recommended to update your Apple devices with iOS 12.1.4 release, which is available for the iPhone 5S, and later, iPad Air and later, and iPod touch 6th generation.
To update go to Settings→ General → Software Update and click the ‘Download and Install’ button.
If you are using Mac, install the new macOS Mojave 10.14.3 update that also fixes three of the four vulnerabilities mentioned here.
To update go to Apple menu in the top left corner of your computer, select ‘System Preferences,’ click ‘Software Update’ and download the new update.