ios1214.jpg
(Credit: Lance Whitney)

Apple has finally fixed a serious FaceTime bug that created privacy fears, triggered a lawsuit and prompted a concerned letter from a congressional committee.

SEE: 6 video chat apps to use instead of FaceTime

Released on Thursday, iOS 12.1.4 resolves the recent flaw in which a person could listen in on another party through FaceTime without the call even being connected. In its description of the bug fix, Apple said simply that a "logic issue existed in the handling of Group FaceTime calls" and that the issue was "addressed with improved state management." In its report, the company also gave credit for finding the bug to 14-year-old Grant Thompson, whose mother said she spent a week trying to convince Apple to pay attention to the discovery.

The FaceTime flaw has been a serious one for Apple. The idea that someone could eavesdrop on another person by using Apple technology has raised privacy concerns. The bug has already prompted at least one lawsuit. A congressional committee sent a letter to Apple CEO Tim Cook with questions and concerns over the company's handling of the matter. In particular, Apple has been faulted for not responding quickly enough to the bug after the initial reports from Grant Thompson's mother.

Apple took a number of steps before fully fixing the problem in iOS 12.1.4. The company initially disabled the Group FaceTime feature as a temporary measure. Apple then announced that it had resolved the issue on the server side and would be deploying a customer-side fix this week. In a statement, the company apologized to affected customers and promised to improve the process for receiving and escalating bug reports.

"We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us."

iOS 12.1.4 addresses a few other bugs, including one that affected Live Photos in FaceTime and two that concerned Apple's developer frameworks for IOKit and Foundation.

With the release of iOS 12.1.4, Apple issued another statement apologizing for the FaceTime bug but also revealing the security hole in Live Photos for FaceTime.

"Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and MacOS."

FOLLOW Download.com on Twitter for all the latest app news.

Takeaways

  1. Apple has released iOS 12.1.4 with a fix for the FaceTime eavesdropping bug.
  2. The FaceTime bug has been a serious one for Apple, triggering privacy concerns, a lawsuit, and a letter from a congressional committee.

Read more

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books - "Windows 8 Five Minutes at a Time" and "Teach Yourself VISUALLY LinkedIn."