Apple decided to completely disable FaceTime group calls while also addressing a serious security breach that allowed spying on its users. Obviously, the error was discovered by a 14-year-old American on January 19, but Apple ignored it or did not take immediate action until the press repeated the problem.
All you had to do was to call the user, press the “Add person” button and dial your phone number to confuse the system and listen to the other person’s microphone before he answered the call. On the other hand, if the caller decided to silence the call using the lock button, he activated his front-facing camera. With this, you can spy on live for any FaceTime user on both iOS and Mac.
By disabling the FaceTime group from the server side, Apple prevented more people from reproducing the error, but that's not all. On January 21, an Arizona woman, whom CNET identified as Michelle Thompson, tweeted the following message:
My teenager discovered a serious vulnerability in the latest version of iOS. You can listen through your iPhone or iPad without your permission. I have a video I sent an error report to @AppleSupport, but I'm still waiting for you to reply to send me the details. This is scary
Although tweet does not apply to FaceTime, this is the same error. According to CNET, the boy discovered the problem by coordinating the game. Fortnite with my friends on January 19th. He then told his mother what had happened, and spent several days trying to contact Apple to report it. In several e-mails, Michelle described the problem using issues such as "Important confidentiality error" and "Urgent security issue related to iOS 12.1.3." He also asked for a reward for his son as part of the program. bounty from the manufacturer of technology.
At least one of Michele Thompson’s letters sent January 22was ignored by Apple. Three days later, Michelle sent a formal notice to the company at email@example.com, as indicated on Apple’s security support website:
To report security or privacy issues that affect Apple’s web servers or products, contact us at firstname.lastname@example.org.
On Twitter, entrepreneur John H. Meyer made a video and official notice what the woman sent to Apple and what happened in detail
According to Meyer, Apple responded to a notification in which she asked a woman (a lawyer who does not have programming knowledge) to create an account on her developer platform and open a report on bugreport.apple.com. Woman created a ticket the same on January 25, but Apple still does not act immediately. The decision continued in production until January 28, yesterday, when the problem it became viral and he began to go out in the press.