Apple has released iOS 12.1.4 that addresses multiple vulnerabilities, to include a Group FaceTime bug discovered by an Arizona high school student and a security researcher from Texas.
The serious bug had been discovered late last month in FaceTime, Apple’s video and chat app for iPhones. The bug allowed a user to listen in on another iPhone user’s conversation before they pickup and without the recipient’s knowledge.
The story went viral on social media after Grant Thompson of Catalina Foothills High School in Tucson, AZ reported the bug to Apple.
According to the Apple security update, a logic issue existed in the handling of Group FaceTime calls. The FaceTime bug CVE-2019-6223 is now fixed with improved state management.
Three other vulnerabilities were also fixed in the latest iOS security udpate to include issues in Foundation (CVE-2019-7286), IOKit (CVE-2019-7287) and Live Photos in FaceTime (CVE-2019-7288).
Apple also released a new security update for macOS Mojave 10.14.3. The update also addresses the Group FaceTime bug and two other vulnerabilities.