Apple today issued software updates that fix a recently exposed Group FaceTime bug that would allow a caller to access your audio even if you don't pick up the call.
The teenager who found the bug while trying to set up a Group FaceTime session with friends, Grant Thompson, got an official acknowledgement from Apple in two advisories on the bug (CVE-2019-6223)—one for macOS Mojave 10.14.3 and other for iOS 12.1.4.
Apple described the flaw as a logic issue in how Group FaceTime handles calls, and that it had been filed "with improved state management." The patches came along with other security fixes, including another FaceTime service issue with Live Photos in FaceTime. "The issue was addressed with improved validation on the FaceTime server," Apple said in its advisory.