Videos and descriptions of the vulnerability have been making the rounds on social media websites. The attack does not require any technical knowledge and it can be carried out in seconds.

The attacker calls the targeted user via FaceTime and then immediately initiates a group chat by using the “Add person” button from the bottom of the screen. The attacker adds their own number to the group chat and FaceTime treats this action as if the targeted user answered the call, thus allowing the attacker to hear the victim.