Apple said on Friday it had fixed a security flaw in iPhones that allowed people to call another iPhone via FaceTime and listen in on conversations even if the recipient didn’t answer, resolving an alarming vulnerability that undermined the company’s public commitment to security. A software update will be released next week, the company said.
The new update will allow owners of iPhones, iPads and Mac computers to re-enable Group FaceTime, the feature that had allowed the potential eavesdropping, Apple said.
Apple’s response came four days after the flaw was widely reported, and nearly two weeks after the company was alerted by a concerned customer. This week, before fixing the bug, the company raced to disable Group FaceTime, which allows people to video chat with several people.
A 14-year-old Arizona boy discovered that he could listen to a friend via Group FaceTime on 19 January, even if the friend didn’t answer the call. His mother repeatedly tried to flag the issue to Apple but the company was slow to respond.
“We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix,” an Apple spokesman said in a statement Friday. “We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible.”
The incident was embarrassing for a company that regularly boasts about the safety of its products. Hours before Apple publicly acknowledged the bug — branded “FacePalm” by security researchers — on Monday, Tim Cook, the company’s chief executive, tweeted that “we all must insist on action and reform for vital privacy protections.”
After the vulnerability became public, security researchers and politicians raised concerns about the security of Apple’s products. To pre-empt security attacks, in 2016 Apple started offering hackers a $200,000 bounty if they flagged bugs to the company. But some hackers have said the program has had a slow start because they can make more money selling the flaws on the black market.
To install the update when it is released, follow these steps for iPhones, iPads and Macs:
— On an iPhone or iPad, open the Settings app, then tap General and then tap Software Update. From here, download the newest iOS version, which is expected to be called 12.1.4. When the update is ready, choose Install Now. As a precaution, make sure your iPhone or iPad is plugged in to a power source when installing the update.
— On a Mac, open the App Store app. Then click on the Updates tab, and click Update next to MacOS Mojave. (If you are using an older version of the Mac operating system, you will not see this option and do not need to download the update.) When the download is finished, make sure your power cable is plugged in and restart the computer.