Apple has disabled its newly-launched Group FaceTime feature, as it works to patch a serious privacy bug that surfaced late Monday afternoon. The bug, first reported by 9to5Mac, allows FaceTime users to access the microphone and front-facing camera of the person they are calling—even if that person doesn’t answer.

9to5Mac has reproduced the FaceTime bug with an iPhone X calling an iPhone XR, but it is believed to affect any pair of iOS devices running iOS 12.1 or later.
Here’s how to do the iPhone FaceTime bug:
Start a FaceTime Video call with an iPhone contact.
Whilst the call is dialling, swipe up from the bottom of the screen and tap Add Person.
Add your own phone number in the Add Person screen.
You will then start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t accepted the call yet.
It will look like in the UI like the other person has joined the group chat, but on their actual device it will still be ringing on the lockscreen.

The damage potential here is real. You can listen in to soundbites of any iPhone user’s ongoing conversation without them ever knowing that you could hear them.

The folks over at BuzzFeed were able to take it a step farther, pointing out that if the recipient presses the volume-down button, footage from the device’s front-facing camera could also be seen covertly by the caller. The bug has been replicated on a multitude of devices including an iPhone 8, iPhone X and even a Mac.

Apple has already made a statement on the issue, telling BuzzFeed that it is aware of the bug and it has “identified a fix that will be released in a software update later this week.” That’s great and all, but even if you release a fix for this, you still have to convince hundreds of millions of users to download it.

In the meantime, if you’re worried about the bug, you can disable FaceTime completely by going to Settings > FaceTime > Toggle Off.