Alongside the release of iOS 12.1.4, which fixes the Group FaceTime bug, Apple has also released an updated version of macOS 10.14.3 which addresses the same bug.
The macOS Mojave 10.14.3 update can be installed by clicking the “Software Update” icon in the System Preferences app.
The new version includes a fix for the Group FaceTime bug hat allowed a FaceTime caller to monitor audio and video from a call recipient, even if they did not accept the FaceTime call. The update also includes a fix for an issue a security audit of the FaceTime service uncovered with Live Photos.
Apple’s Release notes for the supplemental update of macOS Mojave 10.14.3 are as follows:
macOS Mojave 10.14.3 Supplemental Update
Released February 7, 2019
FaceTime
Available for: macOS Mojave 10.14.3
Impact: The initiator of a Group FaceTime call may be able to cause the recipient to answer
Description: A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management.
CVE-2019-6223: Grant Thompson of Catalina Foothills High School, Daven Morris of Arlington, TX
Foundation
Available for: macOS Mojave 10.14.3
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-7286: an anonymous researcher, Clement Lecigne of Google Threat Analysis Group, Ian Beer of Google Project Zero, and Samuel Groß of Google Project Zero
Live Photos in FaceTime
Available for: macOS Mojave 10.14.3
Impact: A thorough security audit of the FaceTime service uncovered an issue with Live Photos
Description: The issue was addressed with improved validation on the FaceTime server.
CVE-2019-7288: Apple
