The Group FaceTime bug that set the internet on fire this week? Apple's sorry about that, and says they've figured out a fix that all iOS users can load next week. They also thanked the mom and 14 year old kid who struggled to alert Apple of the vulnerability.
Re-enable the feature after next week's software update, they say, and they promise better bug reporting practices.
The truly massive FaceTime bug allowed users' calls to be surveilled by others, even if the user didn't answer the incoming FaceTime call.
The vulnerability was discovered by a 14 year old in Arizona whose mom had a heck of a time trying to report it.
Apple told them to go get a developer account and submit a formal bug report.
That was the extremely wrong answer.
Here's Apple's full apology and statement:
We have fixed the Group FaceTime security bug on Apple's servers and we will issue a software update to re-enable the feature for users next week. We thank the Thompson family for reporting the bug. We sincerely apologize to our customers who were affected and all who were concerned about this security issue. We appreciate everyone's patience as we complete this process.
We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix. We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible. We take the security of our products extremely seriously and we are committed to continuing to earn the trust Apple customers place in us.
Excerpt from Todd Haselton for CNBC:
The company disabled group FaceTime as a temporary fix but said that a more permanent solution will roll out in a software update next week. Apple had originally said that a fix was coming this week.
Tweets from observers and reporters, below:
Apple apologizes, thanks family who originally reported the bug, promises to improve bug reporting practices. https://t.co/lW4bauBi5n
— Steve Kovach (@stevekovach) February 1, 2019
(Not that I care personally but) an apology after a few days of people pointing out there's been no apology is better than no apology at all! https://t.co/gqq6S3QK9N
— Zac Hall (@apollozac) February 1, 2019
— 9to5Mac.com (@9to5mac) February 1, 2019