Apple has patched one of its creepiest vulnerabilities ever—a flaw in its FaceTime messenger app that made it possible for people to eavesdrop on audio and video captured by iPhones and Macs.
The bug in Group FaceTime, a feature that allows conference-call-style chats, made it trivial for someone to eavesdrop on someone else simply by initiating a FaceTime call, swiping up and choosing “add person,” and entering their own number to add themselves as a participant in a Group FaceTime call. While people on the receiving end would see a call was coming through, they would have no idea that the person trying to connect could already hear nearby audio and, in many cases, see video.
Apple security under the microscope
Privacy advocates and ordinary users were shocked when details of the eavesdropping vulnerability first broke 10 days ago. When it emerged that the bug was discovered by a 14-year-old and that Apple had failed to act following multiple emails sent by the teen’s mother, people demanded answers. Since then, New York Attorney General Letitia James has launched a probe into the incident, according to Reuters. Some critics now refer to the bug as FacePalm.
from Biz & IT – Ars Technica http://bit.ly/2TAbRp2