The bug made it easy for members to be added to a group call before they actually picked up
You might have missed the news about a FaceTime bug that was found about a year ago. The bug enabled anyone to start a group FaceTime call with one of your contacts, even if that person didn’t explicitly accept the call.
Apple disabled group FaceTime calls for a couple of days until it was able to issue a patch in iOS 12.1.4. Since then, Google security researchers have been busy finding the same bug in other group chat apps including Signal, JioChat, Mocha, Google Duo, and Facebook Messenger.
The bug has another noteworthy element besides its wide-ranging attack surface: how it was first uncovered. That was thanks to a Grant Thompson, a 14-year-old high school student attending school in Tucson, Arizona, at the time. Leading up to the bug's discovery, Grant had been playing a game of Fortnite with his friends via FaceTime. As he set up a group FaceTime call with his friends, he noticed something odd — he could hear one of them speaking before he ever answered the phone. When Thompson then reported the bug, he was initially ignored by Apple, who then eventually awarded him a bug bounty only after his mother doggedly pursued credit and applied through its developer program..
The underlying mechanics of the exploit
Let’s talk about the details about the bug's actual mechanics. To get into these details, I should first describe the video vulnerability avast
