Apple has turned its Group FaceTime feature back on following the release of iOS 12.1.4 for iPhone, iPad, and iPod touch. Apple manually disabled the feature over a week ago after a privacy bug was discovered with Group FaceTime that allowed eavesdropping between FaceTime users.
By taking the server that handles Group FaceTime calls offline on January 28th, Apple prevented anyone from taking advantage of the privacy bug after it was publicly disclosed.
The bug allowed you to hear audio captured by the device of the person you were calling after you added yourself to a Group FaceTime call before they answered. Video of the call recipient would also be sent without permission if they declined the call with the power button on the iPhone or iPad.
Today’s iOS 12.1.4 software update includes a fix for the eavesdropping bug which has allowed Apple to take Group FaceTime back online. Apple details the security updates included in iOS 12.1.4 here. While the release notes for the software update don’t specifically mention FaceTime, the security document for the update does, including a credit for the teenager who discovered the bug:
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX
Apple says a security audit to FaceTime also uncovered a security issue with Live Photos on FaceTime.
As for customers on older software versions, Group FaceTime will remain disabled despite the server that handles calls going back online. This step is a precaution that will protect customers who haven’t updated to the latest version of iOS yet while allowing customers who have updated to continue using Group FaceTime.
Apple’s latest iOS 12.2 software beta for developers and public beta testers should include the same fix, and Mac users should look for a supplemental update to macOS 10.14.3 out today as well — although your mileage may vary on the Mac; Group FaceTime is still not working for us in testing after updating including on the latest macOS 10.14.4 beta.
Group FaceTime enables video calls between up to 32 devices, marking the first time FaceTime video calls have expanded between one-on-one calls. Apple initially demoed the feature as part of iOS 12 last summer, then delayed the feature until iOS 12.1 later in the year.
Group FaceTime will now require iOS 12.1.4 or later to work, disabling the feature on iOS 12.1 through iOS 12.1.3 which were all affected by the bug.