The FaceTime bug that allowed iPhone users to use FaceTime Groups to surreptitiously eavesdrop on any other FaceTime user will be getting an official fix from Apple next week.
Apple also thanking Grant Thompson, a 14-year-old kid who discovered the bug while trying to set up a FaceTime group to play Fortnite. Thompson’s mother reported the bug to Apple a week before it was widely known, but while Apple’s security team exchanged a few emails, it took no action until Twitter and Snapchat users began showing how easy it was to listen in or even see video from other iPhone users’ phones, at which point Apple quickly shut down the servers for FaceTime Groups.
We have fixed the Group FaceTime security bug on Apple’s servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone’s patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
Apple may still be facing further headaches from the FaceTime bug. A lawyer in Texas is suing the company, saying the bug allowed for people to overhear sworn testimony. New York Attorney General Letitia James has also announced that her office plans to investigate the bug and whether Apple was tardy in its response.
“This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years,” said James in a statement. “New Yorkers shouldn’t have to choose between their private communications and their privacy rights.”