I found some interesting discussion about this on (I think) HN. Apparently this is indicative that the connection and sharing of video/audio feed happens before the recipient accepts. I get the point of this - it takes some time to establish that connection, and they don't want users to have to wait those 1-2 seconds after clicking "accept". However, it really should just be worth that small connection time to completely shut off the chance of any more exploits of this caliber.
A source on Twitter has stated that Apple has turned off the Facetime servers for all users and is working on a patch that will be released later in the week. As well as The Verge has come out with a post stating that it can be done with video calls.
I do have to wonder, Apple has been notoriously known for their exceptional security but with this issue coming to the surface could there be more exploits that are going to be found soon? Security researchers spend months if not years working on just one exploit (exclusively with Apple it can take a long time) but could this cause a purge of professionals trying to find more issues like this? Or even worse ones?
Security researchers should always be looking for the easiest entry point for an exploit, beginning with bugs in the UI like this Facetime one. You have to wonder how long this exploit existed before someone found it though. Perhaps people have become too trusting that Apple's core infrastructure is secure.
Trying to explain this to my non-tech friends and family has been a nightmare.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.