Apple has acknowledged a bug in its FaceTime app allows users to hear the microphone feed from their contacts’ devices, even if the contact doesn’t pick up the call.
Exploiting this bug could allow a person to listen in to their target’s private conversations without the target knowing, and all they would need to do is FaceTime them.
After a video of the bug being exploited went viral on social media, Apple-focused news site 9to5Mac broke down the steps necessary to replicate it. It appears that the bug affects any device running iOS 12.1 or later, and can be exploited by starting a video call, then adding your own number as a third participant before the call is picked up.
The site also found that video calls to Mac were affected by the same bug, and that in certain circumstances an attacker could also get access to a target iPhone’s camera feed before it had picked up.