A bug in Apple devices running iOS 12.1 or later could leave users open to eavesdropping through Facetime. When it was initially reported, audio was believed to be the only piece affected but now it is known to give access to the front camera as well. The bug begins to work when a user is called through Facetime. If the caller is able to add themselves to Group FaceTime before the recipient answers they will have access to audio. If the power button were to be touched to mute FaceTime, that would turn the front camera on.
Another method of accessing video was found as well. When the issue was replicated, it was discovered that if the call was joined through another device by invitation the camera could be accessed while the call was still ringing.
Although it was found to affect Apple products running iOS versions 12.1 and higher, it was tested on an Apple Watch, but the microphone was not able to be accessed. Apple is expected to address the issues with a patch later this week.
To see threat analysts notes and recommendations, sign up for Threat Watch by Binary Defense to receive daily threat intel.