Apple has acknowledged a recently publicised bug in their FaceTime app, which inadvertently allows a caller to eavesdrop on the person they are calling.
The bug appears to take effect when both the caller and the recipient are running iOS version 12.1 or newer. It allows the caller to hear audio through the recipient's device before they answer the call, and in addition if the recipient presses the power button then video is also sent to the caller. All of this is done without the knowledge of the recipient.
Tweet— Twitter API (@user) date
The security flaw relates to the FaceTime group chat function, and according to 9to5Mac, who first reported the bug, the flaw is easy to execute. All you need to do is start a video call through FaceTime, and while the call is dialling you swipe up to add a person to the chat. You then add your own number, and you will be able to hear the audio of the call recipient before they pick up the call. To the caller it appears as if the other person has joined the group chat, but to the recipient their device is ringing on the lock screen.
Apple has now acknowledged the security flaw and is taking steps to patch it. In the meantime, they have made the Group FaceTime function temporarily unavailable.
Source: Apple System Status
The bug is expected to be fixed later this week.
The timing of this bug becoming public is certainly unfortunate, since today is National Privacy Day in the USA. Tim Cook, CEO of Apple, shared a somewhat ironic tweet today, saying that "We must keep fighting for the kind of world we want to live in. On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections. The dangers are real and the consequences are too important."