Fixes Group FaceTime privacy bug

Apple today released iOS 12.1.4.

Apple has been criticized for the delay in responding and has promised to improve procedures.

Apple's bug bounty policy has led one security researcher to withhold details on a password-stealing vulnerability in the macOS operating system. Apple has issued iOS 12.1.4 and macOS 10.14.3 to users through their software update tools a little later than expected.

Over a week ago, it was discovered that third-party callers could potentially eavesdrop via FaceTime by initiating a Group FaceTime call, without you having to accept the call.

The bug enabled interlopers to turn an iPhone into a live microphone while using Group FaceTime.

Apple initially said it would release updates to macOS and iOS addressing the flaw within a few days of its public disclosure.

While that's great news for iPhone users, the kid who found the bug, 14-year-old Grant Thompson, has even more reason to celebrate. News of the bug first hit last Monday (Jan. 28), and Apple disabled Group FaceTime later that night to prevent users from being spied upon.

The bug was present in Apple devices running iOS 12.1 or later, as well as Macs running Mojave. However, the ability to add new participants to a FaceTime call by swiping up the screen wasn't available at the time of filing this story. CVE-2019-7286 is apparently a "memory corruption issue" that potentially allowed "an application to gain elevated privileges"; a different "memory corruption issue", referenced as CVE-2019-7287, opened the door for "an application to execute arbitrary code with kernel privileges".

Your device will now download and install the update, then restart.

Launch System Preferences and open Software Update. Grant also gets a namecheck in the iOS update's developer notes.

