The flaw found by Grant Thompson made it possible to listen in on someone via Group FaceTime before they answered a call. The teenager had been setting up the application in readiness for a group chat with his friends prior to playing Fortnite.
Thompson, a 14-year-old living in Tucson, Arizona, U.S., told his mother about the security issue with Apple’s product. Michele Thompson tried to contact Apple on several occasions, by both e-mail and social media, without success. Finally someone at Apple noticed the message, looked into it and confirmed that the privacy flaw was real.
Apple acted on the information, temporarily took Group FaceTime offline and issued a fix via the iOS 12.1.4 security update. Now the company, as a gesture of gratitude, is to make an ex gratia payment to Grant. This will be in the form of a payment to support Grant’s future education plans. TechCrunch states that the payment will be drawn from Apple’s bug bounty, a scheme designed to incentivize security researchers to privately submit security bugs and vulnerabilities in any of its hardware or apps to the company in return for a reward.
This isn’t the only recent security flaw that Apple has had to address. The Verge discusses another FaceTime-related security flaw which has also been addressed in the latest iOS 12.1.4 update. The site quotes Apple: “In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.”