Apple's recent update (10-Dec-2019) deals with fixing the following security issue:
Impact: Processing malicious video via FaceTime may lead to arbitrary
code execution
If I call somebody via FaceTime video, how can a malicious video get into it? I mean, my video call is a video but it is not malicious. Where from does some other [malicious] video come?
Best Answer
In cases like these, my presumption is always that the majority of the risk comes when someone is able to connect to you and send malicious data (in this case in the form of video) to you.
So, for example in this case, I would assume that the danger comes from someone who attempts to connect “via FaceTime” (meaning the FaceTime port and/or protocol) but not with the official FaceTime app. Instead they would use some nefarious tool which will attempt to overflow some buffer or otherwise send data that the FaceTime app on your device will not be able to handle.
Personally, I never use FaceTime on my Mac or iPad, so I log out of the FaceTime app on the Mac and iPad, which limits the “attack vector” to my iPhone. I do not do this primarily for increased security (although it is a nice side benefit). I do it because I don’t want all of my devices to “ring” for a FaceTime call, only my iPhone.