Apple has closed the Group FaceTime security bug that put users at risk of eavesdropping.
The company said in a statement Friday that it has fixed the vulnerability on its servers and that it will issue a software update to re-enable Group FaceTime next week.
The bug had meant that any Apple device — including iPhones, iPads and Macs — could inadvertently or intentionally be turned into a listening device. It was all in how you entered the number of someone you were looping into the video chat. Group FaceTime, which arrived with iOS 12.1 at the end of October, allows up to 32 people to be on the same call.
Apple also apologized to users who were affected.
“We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us,” the company said.
The bug was another black eye for a company that prides itself on its efforts to protect its users’ information. CEO Tim Cook has advocated for more privacy regulation and taken subtle shots at companies that use our data to create personalized ads.
It didn’t help matters that Apple missed an opportunity to fix the problem more promptly.
In its statement, Apple thanked the Thompson family for reporting the bug. Michele Thompson’s teenaged son had discovered the vulnerability while playing Fortnite, CNET reported, and she spent a week trying, through a variety of means, to get the company to pay attention.
“I tried my best to report it to them, and they didn’t listen,” Thompson told CNET.
The bug allowed FaceTime users to call another device and hear audio on the other end before the recipient answered the call. That is, it turned the device into a hot mic without the user’s knowledge.
In an awkward turn of events, the news broke on Data Privacy Day.
Apple said it’s working on improving its process for receiving and escalating tips.
Here’s Apple’s full statement:
We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process. We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.