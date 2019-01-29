By Robert McMillan

Apple Inc. scrambled to fix a bug in its FaceTime video-chat system that lets callers eavesdrop on users of iPhones, iPads, and Macs, an embarrassing setback for a company that has touted its commitment to privacy.

The glitch, which was flagged on social media Monday, allows one FaceTime user calling another to listen in while the recipient's Apple device is still ringing--even if the person never accepts the call. It requires several steps, but could be used by someone familiar with the technique to eavesdrop on rooms with unattended devices, to briefly listen in on a FaceTime user before the person accepts or rejects the call, or even to receive an unauthorized video feed from the phone.

Late Monday, Apple disabled the Group FaceTime feature that was linked to the security bug. A spokeswoman said the company was aware of the issue, and expected to release a software fix this week.

The major bug arises at a time when Apple is increasingly highlighting its emphasis on user privacy to distinguish itself from other big tech companies that have had problems protecting users. Before word of the bug surfaced, Apple Chief Executive Tim Cook called attention on Twitter to Monday being international Data Privacy Day. "On this #DataPrivacyDay let us all insist on action and reform for vital privacy protections," his tweet said. "The dangers are real and the consequences are too important."

That emphasis makes the bug particularly embarrassing for Apple, said David Kennedy, chief executive of security consulting firm TrustedSec LLC, who said the glitch should have been caught during product testing. "Privacy and security: That's their main focus," he said. "They really built their brand off of that and this is a big hit."

The security problem also comes as investors are questioning whether Apple's flagship product is losing its luster. Earlier this month, Apple cut its quarterly revenue forecast, citing slow iPhone sales in China.

The bug was reported earlier Monday by the tech news site 9to5Mac.

To listen in on a recipient's phone, the caller must start a FaceTime call, swipe up on the FaceTime screen while it is trying to connect and then add him or herself as a group member of the FaceTime call. Once that is done, the caller can listen in to the recipient.

If the recipient clicks on the iPhone's power button, it activates a video connection, allowing the caller to see a video stream from the recipient's phone.

With FaceTime groups now disabled, however, it should no longer be possible to exploit the bug.

Apple added the ability to group FaceTime users into a single call in an October 2018 update to its iOS operating system.

On Twitter, several prominent people urged users to disable FaceTime in their device settings until Apple releases a patch. They included Rob Joyce, the National Security Agency's senior adviser on cybersecurity strategy, and Twitter Inc. Chief Executive Jack Dorsey. "Disable FaceTime for now until Apple fixes," Mr. Dorsey wrote.

Write to Robert McMillan at Robert.Mcmillan@wsj.com