Apple Clears FaceTime, Shortcuts Holes

Monday, February 11, 2019 @ 04:02 PM gHale

It’s time to take a stroll in the Apple patch as the technology giant released iOS 12.1.4, which fixes issues that allowed users to view others by activating a group FaceTime call.

With a company that prides itself on security, the issue was fairly simple for an attacker leverage.

RELATED STORIES
Leveraging Hole in Siri Shortcuts
Mac Malware is a Cookie Thief
Faux Job Posting Finds Victims
Russia, China can Disrupt Critical Infrastructure

As a quick reaction, Apple stopped the feature at the server end while it developed a fix.

Following the rollout of iOS 12.1.4, Apple will switch group FaceTime calls back on, but only for those who have applied the update. Group FaceTime will remain disabled for all iOS users running iOS 12.1.3 or earlier.

The recommended way to update your devices is to tap Settings > General > Software Update and carry out the update from there. You will need Wi-Fi access and your battery to be charged above 50 percent, or the device will need to be connected to a charger.

Alternatively, if you have Automatic Updates enabled (you can find this setting in Settings > General > Software Update), then you can just wait for it to automatically download and install.

In addition, Apple released Shortcuts 2.1.3 which handles vulnerabilities in Shortcuts 2.1.2 for iOS. In one case a local user may be able to view sensitive user information because of a parsing issue in the handling of directory paths was addressed with improved path validation.

Another vulnerability was a sandboxed process may be able to circumvent sandbox restrictions. An access issue was addressed with additional sandbox restrictions.



Leave a Reply

You must be logged in to post a comment.