Apple on Thursday released iOS 12.1.4, an update for iPhone, iPad, and iPod touch devices that fixes the Group FaceTime bug that allowed a FaceTime caller to monitor audio and video from a call recipient, even if they did not accept the FaceTime call.
The update also fixes a privacy bug found when a security audit of the FaceTime service uncovered an issue with Live Photos.
The new iOS 12.1.4 software can be downloaded to all compatible devices over-the-air by going to “Settings” -> “General” -> “Software Update” and following the prompts.
Apple’s release notes list the following fixes in iOS 12.1.4:
iOS 12.1.4
Released February 7, 2019
FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX
Foundation
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero
IOKit
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-7287: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero
Live Photos in FaceTime
Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation
Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos
Description: The issue was addressed with improved validation on the FaceTime server.
CVE-2019-7288: Apple