CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.007 Low
Percentile: 77.8%

Apple has finally released the iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even picked up the call, without your knowledge.
The FaceTime bug (CVE-2019-6223) was discovered by 14-year-old Grant Thompson of Catalina Foothills High School while he was trying to set up a Group FaceTime session with his friends.
Thompson reported the bug to the company a week before it made headlines across the internet, forcing Apple to temporarily disable the group calling feature within FaceTime.
In its advisory published Thursday, Apple described the bug as "a logic issue existed in the handling of Group FaceTime calls," which also impacted the Group FaceTime calling feature on Apple's macOS Mojave 10.14.2.
Along with Thompson, Apple has also credited Daven Morris of Arlington, Texas, in its official advisory for reporting this bug.
According to media reports, Apple has confirmed that it will "compensate" the family and help towards the teenager's future education costs as part of its Bug Bounty program, though it is unclear how much the company is going to pay.
The iOS 12.1.4 update also patches three more security vulnerabilities, two of which were also reportedly being exploited in the wild, confirmed by Google Project Zero researchers, who discovered and reported these vulnerabilities to Apple. The last bug was also related to FaceTime.
If you haven't yet, you are strongly advised to update your Apple devices to the iOS 12.1.4 release, which is available for the iPhone 5S and later, iPad Air and later, and iPod touch 6th generation.
To run the update on your iPhone, iPad or iPod, just go to Settings → General → Software Update and click the "Download and Install" button.
If you are a Mac owner, you should also install the new macOS Mojave 10.14.3 update on your computer, which also fixes three of the four vulnerabilities briefed above, including the FaceTime issues.
To update your Mac computer, just go to the Apple menu in the top left corner of your computer, select "System Preferences," click "Software Update" and download the new update.