Apple has temporarily deactivated the Apple Watch’s Walkie Talkie app because of an unspecified bug that allowed someone to eavesdrop on an iPhone owner’s device without their consent.
The firm yesterday issued an apology for the vulnerability and for any inconvenience that users might suffer while they wait for it to be fixed.
The Apple Watch’s Walkie Talkie app enables two individuals who have accepted invitations from one another to take part in an audio chat via the device’s ‘push to talk’ interface.
In a statement, Apple said: “Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously.”
Apple only heard about the bug when someone alerted the company via the “report a vulnerability” site, but it claims that there is no evidence of anyone actually exploiting it.
The Cupertino-based firm has temporarily deactivated the app until the bug has been fixed. It will stay on your device – it just won’t work until the fix has been installed.
Earlier in 2019, a similar weakness was revealed in FaceTime’s group-calling feature that allowed others to hear what you were saying before you actually accepted the call. It turned out that Grant Thompson, the teenager who discovered the vulnerability, tried to contact Apple about the matter but received no reply. After the bug was fixed, Apple gave him a “bug bounty.”
Apple has also silently issued a Mac update that removed a feature of the Zoom conference app that enabled it to bypass Mac restrictions and make the call initiation experience much smoother – but also enabled websites and emails to add a Mac owner to a video call without their permission.