With the release of OS X El Capitan version 10.11.6 and Security Update 2016-004 for Macs and iOS 9.3.3 for iPhones and iPads, Apple has patched a bug in FaceTime that allowed attackers to eavesdrop on the conversations of their targets.
FaceTime's vulnerability allowed attackers to maintain an audio connection in what appeared to be an ended call on the communication feature.
In the changelogs posted by Apple for the OS X El Capitan version 10.11.6 and iOS 9.3.3 updates, the company notes that the impact of the vulnerability was that attackers in a "privileged network position" would be able to cause an ended FaceTime call to continue transmitting audio while making it appear as if the call had been terminated.
It was not specified whether the vulnerability was found on both video calls and audio calls initiated through FaceTime, or if it was limited only to one of the formats.
According to Apple, the bug was caused by inconsistencies that were present in the user interface for handling relayed calls. The vulnerability was patched through an improvement applied to the display logic of the communication feature.
The bug was reported to Apple by security researcher Martin Vigo. Going by the bug's description, the flaw seemingly allowed man-in-the-middle attackers to jump into FaceTime calls, which is concerning for users who regularly use the feature on public Wi-Fi hotspots.
The vulnerability has been assigned the identifier CVE-2016-4635 in the Common Vulnerabilities and Exposures database. Details on the bug have been scarce, but this is standard practice, as limiting the published details is meant to thwart any attackers who might be looking to exploit the issue before it is fixed by the manufacturer of the software where the issue was discovered.
The changelogs for the OS X El Capitan version 10.11.6 and iOS 9.3.3 updates referred to many other vulnerabilities that have been assigned CVE identifiers, along with attribution to the security researchers who discovered them.
The fix for the FaceTime vulnerability was part of several major updates pushed out by Apple for its platforms. In addition to the updates for OS X El Capitan and iOS 9, Apple also released the tvOS 9.2.2 and watchOS 2.2.2 updates, which are for the Apple TV and Apple Watch, respectively.
FaceTime recently had problems with OS X El Capitan version 10.11.4: Mac users who updated to that particular version back in March found that they were unable to log in to the communication platform, as well as to Apple's messaging feature iMessage.