Apple is compensating the family that reported the major FaceTime flaw that came to light a couple weeks ago.
According to a new report from the Wall Street Journal, Apple just released iOS 12.1.4 which includes a fix for a group FaceTime bug that let people eavesdrop on conversations even if they never answered a call.
The bug was present in Apple devices running iOS 12.1 or later, as well as Macs running Mojave. By initiating a Group Call and adding your own number after calling someone on FaceTime, it was possible to hear the recipient’s audio before they answered. Should they use the power button to silence or ignore the incoming call, the camera could also have been enabled, giving the dialer both audio and video of the person before they pick up.
Interestingly, a 14-year-old boy in Arizona named Grant Thompson was trying to play video games with friends when he accidentally discovered the vulnerability. On January 20, Grant’s mom Michele Thompson wrote a tweet that she contacted Apple Support about the problem in order to prevent the problem from falling into the wrong hands.
At first, Apple asked Thompson to sign up as an Apple developer and file an official bug report. But Apple eventually acknowledged the issue publically and disabled Group FaceTime once the vulnerability gained a lot more attention.
Now, Apple says it plans to compensate the Thompson family as well as make a gift towards Grant’s future education fund as a “thank you” for discovering the FaceTime flaw. The Cupertino company declined to say how much it paid, though the company runs a “bug bounty” program that, in some cases, pays up to hundreds of thousands of dollars to researchers that report bugs.
Apple sent a software-engineering manager to visit Grant and his mother to thank them for reporting the flaw and to learn about their experience in reporting it, said Ms. Thompson.
“He was pretty excited to meet with someone from Apple,” she said. “He asked him a few questions, such as ‘When are you coming out with your AirPod 2s.'”
“The answer was ‘Apple does not comment on future products,'” Ms. Thompson said.