Apple Faces FaceTime Security Questions As It Releases Bug Fix

Apple has released a fix for a FaceTime flaw that allowed users to eavesdrop on other individuals’ iPhones, as it faces pressure from the US House of Representatives over its handling of the bug.

The company late on Thursday released an iOS update, version 12.1.4, that fixes the flaw.

It disabled Group FaceTime last week to ensure the eavesdropping flaw would not be exploited before the patch became available.

But Apple faces questions over its initial delay in addressing the issue after being notified by the mother of the 14-year-old boy who discovered the bug.

Delay

Apple only responded by disabling Group FaceTime a week later, when the FaceTime flaw was reported in mass media.

The company said in a statement last week that it disabled Group FaceTime “as soon as our engineering team became aware of the details necessary to reproduce the bug”.

But it also promised to improve the processes it uses to escalate bug reports.

The flaw meant that when Group FaceTime was enabled whilst a FaceTime call was being put through, users could listen in via the receiver’s iPhone microphone while the call was ringing, without the receiver’s knowledge.

Apple’s handling of the matter has already attracted one lawsuit and an investigation by New York state officials.

Government questions

In addition, the US House of Representatives’ Energy and Commerce Committee sent Apple a letter on Tuesday asking for written answers to a series of questions on its handling of the FaceTime issue and other bugs.

“To date, we do not believe Apple has been as transparent as this serious issue requires,” the committee wrote.

The committee asked whether Apple knew about the FaceTime flaw before being notified and, if so, when it became aware of the bug.

It asked for a timeline of the steps Apple took after identifying the issue; for details of how Apple tests its products for vulnerabilities before releasing them to the public; and why it took so long to disable Group FaceTime after initially being notified.

The committee also asked if Apple knows of any other undisclosed buts that could similarly give unauthorised access to iOS devices’ microphones or cameras.