+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Apple ran a 'thorough security audit' on FaceTime after the catastrophic eavesdropping bug, and found a second flaw

Feb 8, 2019, 01:10 IST

AP
AP

Advertisement
  • Apple performed a "thorough security audit" of its FaceTime service and found a bug related to moving photos.
  • A major FaceTime flaw discovered last week gave anyone with FaceTime the ability to listen in on other people's iPhones.
  • Congress is asking questions about when Apple knew about the bug and what it did about it.
  • "In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security," Apple said in a statement.

The latest software update for iPhones and iPads re-enables Apple's Group FaceTime service.

The group video-calling feature was turned off last week after a flaw was discovered that could enable a bad actor to listen in on other people's iPhones before they picked up the FaceTime call. The software update released on Thursday fixes that.

But that's not the only flaw that Apple fixed in FaceTime. Apple performed a "thorough security audit" on its FaceTime software, according to the company's security disclosures, and found an additional problem.

"A thorough security audit of the FaceTime service uncovered an issue with Live Photos," Apple said in the disclosure. "The issue was addressed with improved validation on the FaceTime server."

Advertisement

"Today's software update fixes the security bug in Group FaceTime," Apple said in a statement to Business Insider. "We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security."

It continued: "This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS."

The disclosure of the additional FaceTime flaw is notable given that last week's Group FaceTime revelation led to investigations, class action lawsuits, and a congressional inquiry.

The congressional inquiry from House Energy and Commerce Chariman Frank Pallone and Representative Jan Schakowsky asks several questions directly to Apple CEO Tim Cook.

In the letter, the two Democrats ask if "there are other undisclosed bugs that currently exist and have not been addressed."

Advertisement

The congressmen also ask Cook to "provide a timeline of exactly what steps were taken and when they were taken to address the vulnerability after it was initially identified."

The fact that Apple conducted a security audit of FaceTime after the original flaw became public may be relevant to how various governments and investigators address the fallout from the Group FaceTime bug.

NOW WATCH: Netflix copycats are changing the streaming game and making viewers pay the price

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article