Site icon The IT Nerd

A Great Reason To Update Your Apple Watch, iPhone, and Mac ASAP: Apple Fixes A FaceTime Bug That Appears To Be Very Serious


Apple as many of you are aware released a number of software updates today. Specifically:

I spent part of my day reading through the security info of all these updates. That is something that I do as a matter of course because it helps me to judge if I need to install an update now or if it can wait a day two. And after reading through the security info, users of following OSes should update ASAP

The reason being is that all of these OSes share a FaceTime bug in common. Specifically this one (copied from this page related to watchOS 5.3.4):


Available for: Apple Watch Series 1, Apple Watch Series 2, Apple Watch Series 3, and Apple Watch Series 4 when paired to a device with iOS 12 installed

Impact: Processing malicious video via FaceTime may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2019-8830: Natalie Silvanovich of Google Project Zero

The key part is that this was reported by Google’s Project Zero team. Now Google Project Zero doesn’t report trivial bugs. They only report the most serious ones. Thus whatever this bug that allow “arbitrary code execution” from a malicious video via FaceTime has to be pretty serious. Which means that you by default must take it seriously because there’s a very good chance that if it isn’t already being exploited, it will be now.

As an aside, in case you are wondering why watchOS is on this list, the Apple Watch Walkie Talkie feature uses FaceTime audio, and it has historically been buggy.

Thus if I were you, I would set aside some time to update your Apple Watches, iPhones running iOS 12 or 13, and Macs running Catalina ASAP as there is likely a clear and present danger that you need to protect yourself from.

UPDATE: Macrumors is reporting that another serious flaw that is related to AirDrop on iOS has been fixed. That’s another reason to update ASAP. Strangely, this issue isn’t listed in the security info for iOS 13.3. Nor is it listed in the release notes for iOS 13.3. Strange.

Exit mobile version