This is a wild bug.
Full story
The bug in FaceTime allows users to dial one of their contacts and listen in to the recipient's microphone before the person actually answers the call. This can be accomplished by using the "add a person" feature after dialing the contact and then adding your own number as the other person.
Not even difficult to pull off.
Top comments (3)
A source on Twitter has stated that Apple has turned off the Facetime servers for all users and is working on a patch that will be released later in the week. As well as The Verge has come out with a post stating that it can be done with video calls.
I do have to wonder, Apple has been notoriously known for their exceptional security but with this issue coming to the surface could there be more exploits that are going to be found soon? Security researchers spend months if not years working on just one exploit (exclusively with Apple it can take a long time) but could this cause a purge of professionals trying to find more issues like this? Or even worse ones?
Security researchers should always be looking for the easiest entry point for an exploit, beginning with bugs in the UI like this Facetime one. You have to wonder how long this exploit existed before someone found it though. Perhaps people have become too trusting that Apple's core infrastructure is secure.
Trying to explain this to my non-tech friends and family has been a nightmare.