A serious bug has been discovered in Apple’s Group FaceTime multi-person video chat technology. It allowed someone to call you via FaceTime and then, with just a few simple (but convoluted) steps, listen in on audio from your iPhone, iPad, or Mac while the call is ringing, before you have accepted or rejected it. To prevent the problem from being exploited, Apple says it has disabled Group FaceTime and promises a fix “later this week.”
Fortunately Group FaceTime is a new feature with iOS 12.1, so few people rely on the feature and this temporary shutdown will inconvenience only a small number of users.
Typically security flaws are submitted and the software developer is given 90 to 120 days to make a fix before the flaw is disclosed to the public. This gives the developer time to properly fix the bug but they are still given a deadline so that they don’t ignore it. However, this person posted their findings on Twitter just ten days after alerting Apple to the problem. Either they are not aware of the “responsible disclosure” guidelines or, just as likely judging by the way they made their announcement, they were looking for notoriety in trying to get picked up by Fox News.