Updated: Added Apple’s statement about the release.
Group FaceTime bug that allowed a caller to hear their recipient before they pick up has been addressed.
When the exploit was first publicized on the evening of January 28, Apple rushed to address it, promising a fix “later this week” and disabling the ability to make Group FaceTime calls on the server side. On Friday, February 1, it issued a statement apologizing for the bug and bumping the software update to the following week.
Apple has now released iOS 12.1.4, which promises to fix the Group FaceTime bug. It’s a serious bug that can affect your privacy, and we recommend all users update soon.
To download the update to your iPhone or iPad, open Settings, tap General, then tap Software Update. If you don’t see the update right away, try again in an hour or so—it can sometimes take a short while to appear for all users around the globe.
Apple issued the following statement just after releasing the update:
Today’s software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.