Apple tackled a bevy of vulnerabilities across all its platforms Tuesday, including one that allowed a remote attacker to initiate a FaceTime call by exploiting a bug in some model iPhones, iPads, and iPad Air devices. The wide-ranging security fixes came on the same day Apple announced a new laptop and Mac Mini, and a new iPad Pro.
Most notable of the vulnerabilities fixed by Apple was the FaceTime vulnerability, CVE-2018-4367, found by Google Project Zero researcher Natalie Silvanovich. According to Apple, a memory corruption bug in affected devices allows a “remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.”
According to Apple’s security notes, Tuesday’s patch address the FaceTime bug in iPhone 5s and later, iPad Air and later, and iPod touch 6th generation.