Quote:Apple has released security updates for iOS and macOS that fix a severe bug in FaceTime that allowed callers to listen in, and potentially view, the people they were calling without the call being answered.

Today, Apple has released iOS 12.1.4 and a macOS Mojave 10.14.3 Supplemental Update that fixes this FaceTime bug. According to the release notes, this bug was caused by a logic issue in how Group FaceTime calls were handled.

During the audit of FaceTime, Apple also discovered another bug in Live Photos that was related to FaceTime. Details of this new bug and how it could be exploited were not disclosed by Apple.

While they were at it, Apple also slipped in two other security updates in the iOS and macOS releases for vulnerabilities they found Foundation and IOKit that could lead to code execution or privilege escalation.