iOS 9.3.3 Fixes Flaw That Allowed Attackers to FaceTime Eavesdrop
Posted by Derek Erwin
Apple has just released iOS 9.3.3 for iPads and iPhones, providing much-needed security fixes that boost user privacy. The iOS 9.3.3 security update is available for iPhone 4s and later, iPod touch (5th generation) and later, and iPad 2 and later.
iOS 9.3.3 addresses a combined 43 iOS vulnerabilities, among them a FaceTime flaw that could have allowed attackers to eavesdrop on targets. The FaceTime vulnerability was assigned the identifier CVE-2016-4635 and, although details are limited, Apple’s security bulletin describes the issue as follows:
CVE-2016-4635 : An attacker in a privileged network position may be able to cause a relayed call to continue transmitting audio while appearing as if the call terminated. User interface inconsistencies existed in the handling of relayed calls. These issues were addressed through improved FaceTime display logic.
Martin Vigo, the security researcher who discovered the FaceTime flaw, acknowledged on Twitter that he was unable to disclose details about it when he spoke at Black Hat Europe last year due to other vulnerabilities that Apple was still working to fix.
@brokenfuses Indeed! You were 30 days faster than Apple in providing an update. Did not disclose yet bcs other related vulns still to be fixed
— Martin Vigo (@martin_vigo) July 18, 2016
As mentioned by Aaron Mamiit over at Tech Times, the vulnerability could have enabled attackers “to maintain an audio connection in what appeared to be an ended call on the communication feature.” However, Aaron said, “It was not specified whether the vulnerability was found on both video calls and audio calls initiated through FaceTime, or if it was limited only to one of the formats.”
Nonetheless, in its iOS 9.3.3 security bulletin, Apple said the flaw gave attackers “in a privileged network position” the ability to make an ended FaceTime call continue transmitting audio while making it appear as if the call was terminated.
To patch the iOS security bugs and protect your privacy on FaceTime, it’s a good idea to update to iOS 9.3.3 immediately. iOS users can download and install the 59.4 MB update through iTunes or through the device’s Settings (select General > Software Update).