After facing an embarrassing Group FaceTime bug, Apple today is facing yet another such Apple Watch issue. Reportedly, the Walkie-Talkie app released last year in watchOS 5 coincidently triggers the same vulnerability and has been disabled for now so that Apple developers work on a fix.
This vulnerability allows a user to listen to another customer’s iPhone without consent. It also allows two users, who have accepted an invitation from each other, to receive audio chats via a “push to talk” interface reminiscent of the PTT buttons on older cell phones.
One of the statements from the giant tech reads: “We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.”
Grant Thompson, a teen who discovered the vulnerability, had tried contacting Apple about the issue but was unable to get any response. Apple fixed the bug and also rewarded Thompson a bug bounty. Apple says the flaw would be disabled on its servers soon until a device-specific solution can be rolled out in the software updates. For now, the giant company is keen to listen more closely to the reports that ride in via this vulnerability.