Major tech leaders like Twitter co-founder Jack Dorsey and Reddit co-founder Alexis Ohanian started warning their Twitter followers late Monday to disable FaceTime on their Apple devices in light of a major software bug that Apple has acknowledged.
As explained by 9to5Mac, the bug is pretty bad. It lets you initiate a call to anyone via FaceTime and to immediately start hearing audio from the other person you’re calling before they’ve either accepted or rejected the call. As if you’re just — turning on a microphone at will in the room of almost anyone you’d want to listen to. Apple actually disabled the Group FaceTime capability on Monday as it works on a fix, which the iPhone maker says is coming later this week via a software update.
Still, social media is unsurprisingly flooded with warnings from all corners that people need to disable FaceTime on their devices until that fix arrives.
And this one, from Twitter’s chief executive:
Apple’s disabling of Group FaceTime on Monday is a temporary fix ahead of the software update. Until it’s restored, you won’t be able to add your number to a Group FaceTime call, which was the cause of the bug in the first place. The way you produced the bug is by starting a FaceTime video call with an iPhone contact, and then swiping up from the bottom of the screen and tapping “Add Person” while the call is still dialing. You could then add your own number and then start hearing audio from the other end, even if the person hasn’t accepted the call yet.
It’s certainly not a good look for the company that aggressively touts itself as pro-privacy compared to Android, and it’s doubly unfortunate that this news broke a day before Apple is scheduled to report earnings for its fiscal first quarter, covering the typically busy holiday quarter that started in October. Apple’s full statement released about the FaceTime news reads thus: “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”
Reaction from the security community has been, predictably, pretty brutal. Here’s Eva Galperin, director of cybersecurity for the Electronic Frontier Foundation: