In addition to resolving the catastrophic eavesdropping issue with group FaceTime, Apple has also uncovered—and fixed!—a vulnerability in the Live Photos feature within FaceTime.

As you know, group FaceTime servers were brought back online following releases of the iOS 12.1.4 software and the macOS Mojave 10.14.3 Supplemental Update.

“A thorough security audit of the FaceTime service uncovered an issue with Live Photos,” according to Apple’s security notes for iOS 12.1.4 and macOS Mojave 10.14.3.

“The issue was addressed with improved validation on the FaceTime server,” it explained.

With Live Photos support in FaceTime, users can easily take a Live Photo of the person they’re speaking with during a video call (provided the other side gave their permission).

Taking a Live Photo of a FaceTime video chat

Both you and the person you’re calling via FaceTime must be using macOS 10.13 or macOS 10.14.2+ (or iOS 11 or iOS 12.1.1+) in order to capture a Live Photo of the call.

The Cupertino technology powerhouse has provided more clarity regarding the Live Photos FaceTime bug in a statement yesterday to Business Insider:

Today’s software update fixes the security bug in group FaceTime. We again apologize to our customers and we thank them for their patience.

In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security.

It continued:

This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.

For security reasons, Apple will keep group FaceTime unavailable on iOS 12.1.3 or earlier devices and on Macs with the macOS 10.14.3 Supplemental Update. The feature is disabled on beta 2 of iOS 12.2 and macOS Mojave 10.14.4 but Apple is likely going to include a fix in beta 3.

Updating your iPhone, iPad and iPod touch to iOS 12.1.4 is all it takes to resolve the eavesdropping issues. On your Mac, you must install the macOS Mojave 10.14.3 Supplemental Update which updates the build number of macOS to 18D109.

“If you update to macOS Mojave 10.14.3 and your macOS build is not 18D109, make sure you also install the Supplemental Update,” Apple advises.

Keeping true to its promise, the Cupertino company will compensate the 14-year-old kid who figured out that the sketchy eavesdropping flaw existed.

iDownloadBlog.com