Apple has acknowledged a flaw in its FaceTime software that allowed for brief eavesdropping – even if the recipient did not pick up.
In some cases the target iPhone would send video, probably without the receiver’s knowledge.
The company said it had developed a fix and an update would be rolled out this week.
In the meantime, Apple appears to have disabled the ability for users to make group calls on FaceTime.
The flaw, first revealed by the 9to5Mac blog, appears to occur when both users are running version 12.1 of Apple’s mobile operating system, or newer.
The technique involves using the software’s group chat function, apparently confusing the software into activating the target’s microphone, even if the call had not been accepted.
The eavesdropping ends when the call is cut after too many rings.
‘National Privacy Day’
In addition to audio, 9to5Mac reported that pressing buttons to block the call or turn off the device would result in video being sent to the call maker, without the recipient’s knowledge.
In a statement, Apple told journalists: “We’re aware of this issue and we have identified a fix that will be released in a software update later this week.”
On social media, concerned users – including Twitter chief executive Jack Dorsey – suggested disabling the FaceTime function altogether, which can be done via the device’s settings menu.
Discovery of the flaw coincided with “National Privacy Day” in the US, a day heralded by Apple boss Tim Cook.
“On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections,” he wrote on Twitter.
“The dangers are real and the consequences are too important.”
New York governor Andrew Cuomo advised his city’s residents “to disable their FaceTime app until a fix is made available”,
He said: “The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk.
“In New York, we take consumer rights very seriously and I am deeply concerned by this irresponsible bug that can be exploited for unscrupulous purposes.”
Apple also recently made a big play of its privacy credentials at the recent Consumer Electronics Show in Las Vegas.
The company did not attend but placed a billboard near the event, reading: “What happens on your iPhone, stays on your iPhone.”