A US teenager who discovered a security flaw in Apple’s FaceTime video-calling system has been given a bug bounty. Apple has not revealed the exact amount it is giving 14-year-old Grant Thompson, but it is believed to include money to help pay for his complete education. The teenager found a bug which meant he could briefly eavesdrop on recipients of a group FaceTime call.
The reward comes as one security researcher refused to tell Apple about a bug because no bounty was on offer.
Information about this bug first emerged at the end of January and revealed that some Apple users could secretly listen to people they called via FaceTime even if the recipient did not accept the call. Apple deemed it so serious that it disabled the group FaceTime feature while it investigated and produced a fix. News reports about the problem initially said it was just being discussed on social media and did not credit any individual with its discovery.
Later, it emerged that Apple had been warned about it earlier in January by Grant and his mother. The teenager uncovered the problem when using FaceTime to talk about strategies for the Fortnite game with his friends. Mrs. Thompson sent several emails and other messages to Apple warning about the vulnerability but initially got no response.
Now, Apple has credited Grant, who is from Catalina, Arizona, with finding the flaw. News about his reward came on the day that Apple issued the software update that fixed the bug.
Apple’s bug bounty policy has led one security researcher to withhold details on a password-stealing vulnerability in the Mac operating system (MacOS).
German bug hunter Linus Henze said he would not release details of the problem to Apple until it included MacOS in its bounty program. Currently, Apple only pays for bugs found in the iOS operating system for smartphones. In addition, security experts have to be invited to take part in the programme, which pays up to $200,000 (£154,300) for the most serious bugs.
“My motivation is to get Apple Inc to create a bug bounty program. I think that this is the best for both Apple and researchers,” he told tech news site The Register.