UPDATE: Fortunately, not long after I posted the below message, Apple came out with a temporary fix — it completely disabled Group FaceTime. That means that you can now only FaceTime one person at a time, which removes the ability to take advantage of the flaw discussed below. I just tried to make the bug work (which I had no problem doing on Thursday night), and sure enough, I cannot make it work anymore. Apple says that it will have a more permanent fix later this week, which I presume will restore the Group FaceTime function.
Everything below the line was my original post on this topic. This was a major bug, but fortunately it did not last long, and hopefully it is now just one for the history books.
- - - - - - - - -
My hope is that this bug is fixed before many of you even have a chance to read this post, but if it hasn't been fixed yet, you should know about this. Yesterday it was revealed that there is a MAJOR bug in the latest version of FaceTime which allows someone to hear what you are saying even if you don't answer the FaceTime call. Benjamin Mayo of 9to5Mac has step-by-step instructions on how this bug works, but it is very easy to trigger. My son and I were able to replicate it last night on our iPhones.
In short, the caller sends you a FaceTime request, but then before you answer, the caller adds a second person to the FaceTime call — that second person being their own iPhone. This causes the caller to be able to hear the audio being picked up by your own iPhone even if you have not touched your iPhone or in any way accepted the FaceTime invitation. It's not quite as bad as allowing a third party to eavesdrop on you without any warning because your iPhone will ring first, but if you are in another room and didn't even hear the iPhone ring to begin with, it is possible that you might not realize that your iPhone was turned into a listening device.
Even worse, there is a way that the caller could see video from the front-facing camera on your iPhone, but I believe only if you press the power button on your iPhone.
This is a major flaw for everyone who uses an iPhone — but especially for lawyers, doctors, and many others for whom confidentiality and privilege are a big deal. And that's why I'm writing about this today, even though I hope that this post has a very short shelf life.
Apple says that a fix will be out later this week. In the meantime, if you want to protect yourself, you can open the Settings app, scroll down to FaceTime, and turn off FaceTime.
Also, if you leave your FaceTime turned on and you receive a FaceTime video invitation from someone, it appears that you can accept the invitation and then immediately hang up, and that prevents the caller from taking advantage of this bug.