Does the FaceTime eavesdropping bug affect iOS11 devices?












2















According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.



Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?










share|improve this question




















  • 1





    The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.

    – bmike
    yesterday













  • I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)

    – Vladimir
    yesterday
















2















According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.



Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?










share|improve this question




















  • 1





    The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.

    – bmike
    yesterday













  • I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)

    – Vladimir
    yesterday














2












2








2








According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.



Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?










share|improve this question
















According to CNN Business the FaceTime eavesdropping bug affects iOS 12.1 with group calling, but I'm wondering if anyone was able to reproduce a variant of this bug on pre-iOS12? CNN Business seems to suggest it can be reproduced even in one-on-one calls, but I'm not sure how reliable their tech articles are.



Is anyone aware of this, or a similar eavesdropping bug, being reproduced on older iOS versions?







bug facetime






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited yesterday







Vladimir

















asked yesterday









VladimirVladimir

363112




363112








  • 1





    The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.

    – bmike
    yesterday













  • I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)

    – Vladimir
    yesterday














  • 1





    The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.

    – bmike
    yesterday













  • I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)

    – Vladimir
    yesterday








1




1





The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.

– bmike
yesterday







The tense is wrong. The bug hasn’t been active since 2019-01-28 in the afternoon pacific time. Also, asking for the absence of reports of vulnerabilities is hard and ends up being a yes/no situation. Hopefully votes and references help out if anyone says “yes” iOS 11 is vulnerable or can back it up if so.

– bmike
yesterday















I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)

– Vladimir
yesterday





I believe the tense is correct. Consider this: eventually apple will reenable the feature once they release a bug fix, but this fix will only come out on 12.1.x, so any pre-iOS 12 devices could potentially become vulnerable again. (For the sake of not derailing the discussion, let's assume a particular device can't upgraded to 12.x for whatever reason and must remain on 11.x.)

– Vladimir
yesterday










1 Answer
1






active

oldest

votes


















5














There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.



As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.



Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.



Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.



Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.






share|improve this answer










New contributor




Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.

    – Vladimir
    yesterday











  • I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.

    – Vladimir
    yesterday








  • 1





    gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found

    – Matt Mills
    yesterday






  • 1





    I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.

    – bmike
    yesterday











  • Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.

    – Vladimir
    yesterday











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "118"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fapple.stackexchange.com%2fquestions%2f350461%2fdoes-the-facetime-eavesdropping-bug-affect-ios11-devices%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









5














There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.



As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.



Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.



Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.



Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.






share|improve this answer










New contributor




Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.

    – Vladimir
    yesterday











  • I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.

    – Vladimir
    yesterday








  • 1





    gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found

    – Matt Mills
    yesterday






  • 1





    I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.

    – bmike
    yesterday











  • Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.

    – Vladimir
    yesterday
















5














There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.



As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.



Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.



Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.



Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.






share|improve this answer










New contributor




Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





















  • Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.

    – Vladimir
    yesterday











  • I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.

    – Vladimir
    yesterday








  • 1





    gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found

    – Matt Mills
    yesterday






  • 1





    I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.

    – bmike
    yesterday











  • Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.

    – Vladimir
    yesterday














5












5








5







There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.



As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.



Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.



Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.



Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.






share|improve this answer










New contributor




Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.










There are no public vulnerabilities for iOS 11 being affected by this specific bug or any of similar function or scope.



As far as the bug from late January on iOS 12 - Group FaceTime is disabled globally since 1/28 so no devices are vulnerable.



Before the service was suspended, only devices with Group FaceTime capabilities could be exploited or considered vulnerable.



Devices on iOS 11 were not affected and won’t be until/unless that feature is added to an update to iOS 11.



Looking back, the steps to reproduce the bug involved dialing a contact via FaceTime, and before they picked up, dialing a second contact to initiate a Group FaceTime. So, anyone can convince themselves that the issue is mitigated and also test once the service presumably gets re-enabled on patched devices.







share|improve this answer










New contributor




Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer








edited yesterday









bmike

158k46284615




158k46284615






New contributor




Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered yesterday









Matt MillsMatt Mills

663




663




New contributor




Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Matt Mills is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.













  • Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.

    – Vladimir
    yesterday











  • I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.

    – Vladimir
    yesterday








  • 1





    gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found

    – Matt Mills
    yesterday






  • 1





    I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.

    – bmike
    yesterday











  • Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.

    – Vladimir
    yesterday



















  • Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.

    – Vladimir
    yesterday











  • I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.

    – Vladimir
    yesterday








  • 1





    gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found

    – Matt Mills
    yesterday






  • 1





    I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.

    – bmike
    yesterday











  • Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.

    – Vladimir
    yesterday

















Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.

– Vladimir
yesterday





Thanks, Matt. I was assuming the same, but seeing the CNN article I referenced, they mentioned it's reproducible with one-on-one calls.

– Vladimir
yesterday













I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.

– Vladimir
yesterday







I'm hoping that someone can give a concrete yes or no, hopefully with references to research done by some security company or themselves. I was not able to find such information, hence reaching out on here.

– Vladimir
yesterday






1




1





gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found

– Matt Mills
yesterday





gotcha! Sorry I don't have more info at the moment but I'll keep my eyes peeled and add more here if found

– Matt Mills
yesterday




1




1





I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.

– bmike
yesterday





I’ve edited this to be more conclusive. Apple’s statement to the press is very clear - it was reported, but not escalated internally to the correct groups. Within hours of the correct escalation, the bug was disabled globally until patches and fixes can be tested and rolled out.

– bmike
yesterday













Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.

– Vladimir
yesterday





Thank you, @bmike! I agree, that makes sense. It's curious what would happen once apple reenables group chat after the fix goes in. What would happen if an iOS 12 device (without the bug fix) tries to initiate a group chat with an iOS 11 device after apple reenables the service? These kind of questions are left unaddressed in apple's official communication, but I hope security analytics firms are looking into them.

– Vladimir
yesterday


















draft saved

draft discarded




















































Thanks for contributing an answer to Ask Different!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fapple.stackexchange.com%2fquestions%2f350461%2fdoes-the-facetime-eavesdropping-bug-affect-ios11-devices%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

"Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

Alcedinidae

Origin of the phrase “under your belt”?