Facebook fixes issue that activated iPhone's camera without user knowledge
Facebook on Wednesday updated its iOS app to address a flaw that inadvertently enabled a user's camera without their knowledge, a potential security issue first spotted last week.
Discovered last week, the flaw in Facebook's iOS app inadvertently activated an iPhone's rear-facing camera in certain situations. Typically, users found the camera went live while browsing account pages or performing other actions not associated with picture taking or regular image capture.
Joshua Maddux posted evidence of the bug in a tweet on Nov. 9., demonstrating that a live video feed was opened in the Facebook app and hidden behind a photo or other onscreen content. Sliding foreground panels to the side displayed a small portion of the live feed, which appeared to be captured from a rear-facing image sensor.
Maddux was able to replicate the issue on multiple devices running iOS 13.2.2, though previous iOS versions were seemingly unaffected by the bug.
It should be noted that the app was operating within the iOS sandbox, meaning affected users had previously allowed access to camera hardware. Still, unintentional and inconspicuous activation of iPhone's imaging module is viewed as a serious threat to user security, especially when it involves a company widely criticized for numerous privacy snafus.
Facebook has yet to explain the matter publicly.