Does the FaceTime eavesdropping bug affect iOS11 devices?
According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.
Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?
bug facetime
asked Feb 3 at 18:51
VladimirVladimir
383112
add a comment |
According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.
Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?
bug facetime
asked Feb 3 at 18:51
VladimirVladimir
383112
1
The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.
– bmike♦
Feb 3 at 21:49
I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)
– Vladimir
Feb 3 at 22:27
add a comment |
According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.
Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?
bug facetime
asked Feb 3 at 18:51
VladimirVladimir
383112
According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.
Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?
bug facetime
bug facetime
asked Feb 3 at 18:51
VladimirVladimir
383112
asked Feb 3 at 18:51
VladimirVladimir
383112
edited Feb 3 at 20:22
Vladimir
asked Feb 3 at 18:51
VladimirVladimir
383112
asked Feb 3 at 18:51
VladimirVladimir
383112
asked Feb 3 at 18:51
VladimirVladimir
383112
383112
1
The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.
– bmike♦
Feb 3 at 21:49
I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)
– Vladimir
Feb 3 at 22:27
add a comment |
1
The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.
– bmike♦
Feb 3 at 21:49
I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)
– Vladimir
Feb 3 at 22:27
1
1
The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.
– bmike♦
Feb 3 at 21:49
The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.
– bmike♦
Feb 3 at 21:49
I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)
– Vladimir
Feb 3 at 22:27
I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)
– Vladimir
Feb 3 at 22:27
add a comment |
1 Answer
1
active
oldest
votes
There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.
As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.
Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.
Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.
Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.
edited Feb 3 at 21:47
bmike♦
160k46288623
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.
– Vladimir
Feb 3 at 19:54
I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.
– Vladimir
Feb 3 at 19:57
1
gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found
– Matt Mills
Feb 3 at 20:25
1
I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.
– bmike♦
Feb 3 at 21:48
Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.
– Vladimir
Feb 3 at 22:17
|
show 1 more comment
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "118"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fapple.stackexchange.com%2fquestions%2f350461%2fdoes-the-facetime-eavesdropping-bug-affect-ios11-devices%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.
As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.
Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.
Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.
Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.
edited Feb 3 at 21:47
bmike♦
160k46288623
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.
– Vladimir
Feb 3 at 19:54
I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.
– Vladimir
Feb 3 at 19:57
1
gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found
– Matt Mills
Feb 3 at 20:25
1
I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.
– bmike♦
Feb 3 at 21:48
Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.
– Vladimir
Feb 3 at 22:17
|
show 1 more comment
There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.
As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.
Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.
Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.
Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.
edited Feb 3 at 21:47
bmike♦
160k46288623
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.
– Vladimir
Feb 3 at 19:54
I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.
– Vladimir
Feb 3 at 19:57
1
gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found
– Matt Mills
Feb 3 at 20:25
1
I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.
– bmike♦
Feb 3 at 21:48
Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.
– Vladimir
Feb 3 at 22:17
|
show 1 more comment
There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.
As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.
Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.
Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.
Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.
edited Feb 3 at 21:47
bmike♦
160k46288623
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.
As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.
Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.
Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.
Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.
edited Feb 3 at 21:47
bmike♦
160k46288623
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
edited Feb 3 at 21:47
bmike♦
160k46288623
edited Feb 3 at 21:47
bmike♦
160k46288623
edited Feb 3 at 21:47
bmike♦
160k46288623
160k46288623
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
answered Feb 3 at 19:46
Matt MillsMatt Mills
814
814
Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.
– Vladimir
Feb 3 at 19:54
I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.
– Vladimir
Feb 3 at 19:57
1
gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found
– Matt Mills
Feb 3 at 20:25
1
I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.
– bmike♦
Feb 3 at 21:48
Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.
– Vladimir
Feb 3 at 22:17
|
show 1 more comment
Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.
– Vladimir
Feb 3 at 19:54
I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.
– Vladimir
Feb 3 at 19:57
1
gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found
– Matt Mills
Feb 3 at 20:25
1
I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.
– bmike♦
Feb 3 at 21:48
Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.
– Vladimir
Feb 3 at 22:17
Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.
– Vladimir
Feb 3 at 19:54
Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.
– Vladimir
Feb 3 at 19:54
I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.
– Vladimir
Feb 3 at 19:57
I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.
– Vladimir
Feb 3 at 19:57
1
1
gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found
– Matt Mills
Feb 3 at 20:25
gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found
– Matt Mills
Feb 3 at 20:25
1
1
I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.
– bmike♦
Feb 3 at 21:48
I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.
– bmike♦
Feb 3 at 21:48
Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.
– Vladimir
Feb 3 at 22:17
Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.
– Vladimir
Feb 3 at 22:17
|
show 1 more comment
Thanks for contributing an answer to Ask Different!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fapple.stackexchange.com%2fquestions%2f350461%2fdoes-the-facetime-eavesdropping-bug-affect-ios11-devices%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.
– bmike♦
Feb 3 at 21:49
I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)
– Vladimir
Feb 3 at 22:27