One week after disabling Group FaceTime, Apple released iOS 12.1.4, an update to fix the software flaw that allowed users to eavesdrop on others while using FaceTime. In its advisory published Thursday, Apple described the bug as “a logic issue existed in the handling of Group FaceTime calls” that was addressed “with improved state management.”
The bug was discovered by Grant Thompson, a 14-year old boy in Tuscon, Arizona, while he was trying to set up a Group FaceTime session with his friends. Along with Thompson, Apple also credited Daven Morris of Arlington, Texas, in its official advisory for reporting this bug.
The iOS 12.1.4 update also patches three more security vulnerabilities:
- CVE-2019-7286: a memory corruption issue that could allow a malicious application to gain elevated privileges on the vulnerable Apple device.
- CVE-2019-7287: a memory corruption issue that could allow a malicious application to execute arbitrary code with kernel privileges.
- CVE-2019-7288: discovered by the Apple security team, this flaw is another FaceTime issue with Live Photos.
If you haven’t yet, we recommend that you update your Apple devices with iOS 12.1.4, which is available for iPhone 5s and later, iPad Air and later, and iPod Touch 6th generation.