A major security loophole surface today within Apple’s FaceTime feature. This allowed users to snoop in on people before they picked up the call.
With this bug, users could call their FaceTime contacts and receive audio from them before the person answered the call without the receiving party knowing anything about this.
The bug worked in a very specific way so it’s not on every single call you make or receive, but it was easy enough to make it happen. You first had to call one of your contacts on FaceTime. Then, you had to create a Group FaceTime call by adding yourself as a third party in the call before the second person replied. This caused the audio feed from the person you were calling to be audible at your end even before they answered the phone, making it very easy to hear everything that was happening around their phone.
People tried this glitch by calling Macs and it worked in that case as well.
As mentioned before, you have to go through a specific series of steps before you can trigger the bug. Also, you are sort of relying on the other person not answering quickly before you can snoop on them. Regardless, this is a pretty significant lapse in Apple’s security system and could put its users in compromising situation.
For now, Apple has put the Group FaceTime feature offline, thereby making it impossible to exploit this glitch as of this writing. Until then the only way to protect yourself was to switch off FaceTime entirely from Settings.
Apple has also promised a software update later this week that will patch the issue.
Source 1 Source 2