We began seeing a handful of visits from devices running an iOS 12.1.4 update on January 29, the day after the bug was widely publicized and spread across the internet.
Apple on Monday said that a software fix for the issue would come “later this week,” but now that it’s Thursday, there’s not a lot of time left. Apple could still release the update later today, but if not, Friday morning is the likely target launch date.
The FaceTime eavesdropping bug allowed iPhone users to exploit a privacy-invading Group FaceTime flaw that let one person connect to another person and hear conversations (and see video, in some cases) without the other person ever having accepted the call.
Apple has put a stop to the FaceTime bug by disabling Group FaceTime server side, leaving the feature unavailable, but questions remain about how long the bug was accessible and how long Apple knew about it before attempting a fix.
The mother of the teenager who originally discovered the bug shared convincing evidence that she contacted the Cupertino company as early as January 20. She did not receive a response from Apple despite sending emails and a video.
It’s not clear, therefore, when the right team at Apple learned of the bug and when work on a fix was started. We did not see signs of iOS 12.1.4 in our analytics data prior to January 29, but it’s possible Apple was working on a fix earlier than that.
The multi-day wait for an official solution to perhaps one of the worst Apple-related privacy bugs we’ve seen, however, does suggest that development on iOS 12.1.4 did not start too far ahead of when the bug went public.