Post updated January 29th, 2019 at 04:32 pm
UPDATE (1:58 PM): Apple has since deactivated Group FaceTime feature as a temporary measure against the bug. More details here.
ORIGINAL STORY (11:08 AM):
A major security flaw has been detected within the FaceTime feature on Apple products. This particular bug allows a caller to hear audio and see the camera feed from their recipients even though they didn’t pick up the call.
As reported by 9to5Mac, the FaceTime bug can be activated when a caller adds his or her own phone number through the Add Person feature during FaceTime Video call. A group FaceTime UI will then appear, and the caller would then be able to hear audio from the other side even though the recipient didn’t pick up the call.
9toMac also further pointed out that the bug affects both iPhone and Mac. A subsequent report by The Verge also stated that the bug can also activate the recipient’s camera, but it would require the recipients to press the Power button when the call comes in.
As shown above, we were able to personally replicate the bug with the call being made from iPhone XR to an iPhone 8 with both devices running on OS 12.1.2. At the moment, there is no sure way to protect oneself against the loophole that was caused by the bug other than disabling the FaceTime feature on iPhone and Mac.
That being said though, Apple is already aware of the bug and is working to release a fix later this week according to a statement that the company has sent to several media out there.