If you did not know about this – you should be very worried.
A few hours ago it was discovered that Apple’s FaceTime app allows anyone to connect to any Apple device that supports FaceTime and hear their audio without the person ever accepting the call. What’s worse (debatably?) is that it is incredibly easy to do this.
Listen-in on any remote Apple device in 4 steps
1.) Start a FaceTime call with someone
2.) While the call is “connecting”, quickly swipe up on the FaceTime menu
3.) Click on the “+ Add Person”
4.) Add your own phone number/contact
What happens at this point is that the call is “bridged” and a remote audio line is open to the destination Apple device.
Yes – really! You have now turned the remote Apple device into a remote audio tap/bug. You can choose to keep a 2-way audio channel, or mute it from your side.
Update #1: Apparently it works on Mac OS Mojave too.
Temporary Fix – disable FaceTime
As of right now, until Apple patches this, the only fix is to disable FaceTime:
iOS
1.) open “Settings”
2.) click on “FaceTime”
3.) toggle it “off” (green toggle -> to white)
Mac OS Mojave
1.) open “FaceTime” app
2.) press “command + K”
or
2.) click on the top-left menu bar with the app name “FaceTime”, and select “Turn FaceTime Off”