A bug in FaceTime allows a caller to eavesdrop on the receiver without the receiver picking up the call, subsequently allowing the caller to see or hear the receiver's surroundings.
The bug seems to be a design or a logic flaw, and not a technical vulnerability.
Here are the steps to reproduce this phenomenon.
- Start a FaceTime Video call with any iPhone contact.
- While your call is dialing, swipe up from the bottom of your iPhone screen and tap 'Add Person.'
- You can add your own phone number in the 'Add Person' screen.
- This will start a group FaceTime call including yourself and the person you first called, whose audio you will be able to listen in on even if he/she hasn't accepted the call yet.
Some have also reported that if the receiver decides to reject the call, the camera of the receiver's iPhone will still be engaged.
Apple have since acknowledged the issue and will be rolling out a fix in an upcoming patch. iPhone users should update their iOS when the security patch is out to avoid future eavesdropping.
For now, a preventive measure is to disable FaceTime on iOS devices. This can be achieved by going into Settings -> FaceTime -> Disable FaceTime.