First reaction: doesn’t matter unless you’re Taylor Swift, Kim Kardashian, or a politician making sure state secrets are kept that way – secrets.
Second thought: it’s still not cool knowing that such a FaceTime vulnerability exists.
Salesforce security engineer Martin Vigo is credited with finding the security flaw, identified as CVE-2016-4635.
Hey @AppleSupport, please reach out to the product security team regarding 640960976. Update requests on several confirmed vulns are ignored
— Martin Vigo (@martin_vigo) July 18, 2016
The flaw has since been (supposedly) patched, according to Apple’s iOS 9.3.3 update page:
FaceTime
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated
Description: User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.
In one sentence: someone can continue listening to you even after your FaceTime call has ended (or after you think it has ended).
For sure, you’ve seen the update notification on your iOS devices, as well as on El Capitan. If you haven’t updated yet, then here’s a solid reason to do so, especially if you use FaceTime for calls other than keeping in touch with grandma.