Apple to compensate teenager who found Group FaceTime eavesdrop bug
Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up.
The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled getting in contact with the company before the bug was discovered elsewhere and went viral on social media.
The payout will fall under Apple’s bug bounty, which incentivizes security researchers to claim a reward for privately submitting security bugs and vulnerabilities to the company. Apple will also offer an unspecified additional gift to Thompson’s education.
“In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security, an Apple spokesperson told TechCrunch. “This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime.”
“To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS,” said Apple.
Apple rolled out iOS 12.4.1 on Thursday, which Apple says “provides important security updates and is recommended for all users.” The company’s separate security advisory also credited Thompson with finding the bug.
Update to iOS 12.1.4 to re-enable Group FaceTime