Researchers uncovered a critical bug in Apple iOS devices that could allow Facetime users to access the microphone and front camera of who they are calling even if the call recipient does not answer the call.
The bug was first reported by 9to5Mac which stated that the bug could allow Facetime users to listen to the audio of the person they are calling even before the recipient accept the call. Later, Buzzfeed reported that this bug allows Facetime users to access the front camera as well.
How can the bug be exploited?
This means that the Facetime caller could listen and watch the recipient without their knowledge.
The bug exists in iOS 12.1.2
BleepingComputer tested this bug and confirmed that this bug exists in iOS 12.1.2 version. However, when the researchers tested this bug against Apple Watch, they were not able to get the microphone working.
A Google Project Zero security researcher Natalie Silvanovich explained the theory behind this bug in a tweet, “Theory: FaceTime stores call participants in a list that doesn't allow duplicates, and uses the indexes for signaling. When the caller is added a second time, the entry at index 1 is set to answer, with the expectation that it is the caller.”
However, Apple stated that they were aware of this issue and are working on the fix which will be released in a security update later this week.