Today Apple has released iOS 12.1.4, which is a minor point update that fixes a bug that let users of its FaceTime video-chat service listen in on people before they accepted or rejected the call.
Apple also released a macOS Mojave 10.14.3 update that fixes the bug for Mac computer users.
The bug enabled users to access the audio and video of any iPhone running iOS 12.1 or later without being detected. The way it works is by going to a contact and starting a FaceTime call, swiping up and selecting “Add Person” and then enter your own phone number and add yourself to the call.
The bug was discovered by a 14-year-old boy in Arizona named Grant Thompson, who was trying to play video games with friends when he accidentally discovered the vulnerability. On January 20, Grant’s mom Michele Thompson wrote a tweet that she contacted Apple Support about the problem.
Apple acknowledged the issue and disabled Group FaceTime once the vulnerability gained a lot more attention.
The company also said it would contribute toward the education of the Arizona teenager who discovered the problem. The technology giant said it would compensate the Thompson family and make an additional gift toward 14-year-old Grant’s education.
Apple's update also patches a handful of other bugs, including two that Ben Hawkes, head of the Google Project Zero security research team, said had been "exploited in the wild as 0day." That means that actual hackers attempted to take control of iPhones via those vulnerabilities.
Zuk Avram, a cybersecurity expert and founder of Zimperium Labs, said the vulnerabilities were "local privilege escalations." That means they could've only been used by hackers who'd already found a way onto an iPhone, such as an attack over iMessage or FaceTime, for example.
"These bugs allow attackers to escalate privileges and gain complete access to the device," Avram added. "Once exploited an attacker can leverage such bugs to tap the microphone, phone calls, take photos or videos, see contact lists, messages and basically everything they desire."
Seperately, Apple is currently beta testing iOS 12.2. When that update is released, it will include new Animoji animals, a new Screen Mirroring icon in the Control Center, a full-screen Apple TV Remote Control Center interface, Air Quality Index reading in Maps, Apple News in Canada, a keyboard color picker and a few other features.
An iOS 13 update is planned for later this year with a redesigned home screen for iPads and a dark mode for better nighttime viewing.
New York officials seized on the FaceTime flaw and said they will investigate the company’s failure to warn consumers about the bug and its slow response. On Tuesday, the leaders of the House Energy and Commerce Committee and its subcommittee on consumer protection called the flaw “a significant privacy violation" and sent questions to Apple Chief Executive Officer Tim Cook about the issue.