New FaceTime Bug Lets Callers Hear and See You Without You Picking Up (Jan 29, 2019)
An unpatched bug was discovered in Apple’s FaceTime application that allows a person initiating a call to hear or see the recipient before they accept the call. This could allow a user to call any iPhone number via FaceTime and eavesdrop, even when the call is not actively answered. The bug works on the latest iOS version, iOS 12.1.2, as well as on macOS Mojave.
Recommendation: While Apple is developing a patch for this bug, they suggest that users temporarily disable FaceTime video calling on phones, tablets, and computers. Users should watch for the patch and apply it as soon as it is released. Apple has disabled the feature on the server side, which will prevent exploitation of this flaw in the meantime.