Keeping true to its promise, Apple will compensate 14-year-old Grant Thompson, who discovered the sketchy eavesdropping flaw in Group FaceTime.
Reuters reported Friday that Apple has now acknowledged that it would compensate the Thompson family and make an additional gift toward his education.
Yesterday’s releases of the iOS 12.1.4 software and the macOS Mojave 10.14.3 Supplemental Update fixed a much-reported flaw that permitted anyone to eavesdrop on FaceTime video and audio conversations before the other side had picked up the call.
Grant Thompson of Catalina Foothills High School and his mother Michele made multiple attempts to alert Apple to the issue at least a week before it went public.
On its website, the Cupertino company lists Grant (as well as Daven Morris of Arlington, Texas) as the one who discovered the catastrophic privacy flaw in FaceTime. The iPhone maker has apologized for missing Grant’s messages and promised to improve its processes so that critical vulnerabilities are escalated to the right people within the company.
CNBC on Tuesday reported that an unnamed Apple executive met with the Thompsons at their home to discuss their finding and ask how the firm could improve its reporting process.
The unnamed Apple executive (Phil Schiller?) indicated that Grant would be eligible for the bug bounty program, Grant’s mother told CNBC, adding that the family “would hear from Apple’s security team the following week in terms of what that meant.”
Apple has done the right thing here, not only by compensating Thompson for stumbling upon the FaceTime flaw but also by making an investment toward his education.
“If he got some kind of bug bounty for what he found, we’d certainly put it to good use for his college because I think he’s going to go far, hopefully,” Grant’s mom told CNBC. “This is actually a field he was interested in before and even more so now.”
A thorough security audit of the FaceTime service has also uncovered a previously unknown issue with the Live Photos feature within FaceTime, which has been fixed as well.