The Apple Watch Walkie-Talkie app has been disabled after Apple found a vulnerability that could let people listen in on other iPhones, the company tells TechCrunch. Apple isn’t aware of the vulnerability having been used, and hasn’t provided any details of how it works beyond saying that “specific conditions and sequences of events are required to exploit it.”
Here’s Apple’s statement to TechCrunch:
We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent. We apologize again for this issue and the inconvenience.
Walkie-Talkie is an Apple Watch app that offers push-to-talk calls through a tweaked form of FaceTime Audio. It was added to the Apple Watch with last year’s release of watchOS 5. The app itself is still installed on users’ watches, but calls won’t go through.
This is the second time this year Apple has had to disable a FaceTime calling feature. In January, a vulnerability was discovered in the new group calling functionality that allowed people to listen in on devices before a call was picked up. Apple was slow to respond to that bug, which was reported to the company the week before it got wider attention.
It looks like Apple has been able to get out ahead of the issue this time round, however, and the timing is notable for another reason — just yesterday Apple took decisive action to remove Zoom’s web server software from Macs after the videoconferencing app had a major vulnerability bug of its own discovered.