Serviceteam IT Security News
The decision to award the bug bounty has been welcomed, but one security researcher has said that Apple needs to do more to compensate those who find bugs.

A US teenager has been given a rare bug bounty by Apple after he discovered a security flaw in Apple’s FaceTime video-calling service.

Grant Thompson, a 14-year-old from Arizona, uncovered how the glitch allowed any iPhone user to video-call another iPhone user via FaceTime and listen in on the audio on the other end – essentially turning another device into a live microphone.

While the bounty amount has not yet been disclosed, Apple has said that, on top of a monetary reward, it will also provide a gift that will go towards his education.

According to a BBC report, Thompson and his mother had warned Apple of the bug in early January, with Mrs. Thompson sending several emails and messages to the company without initially getting any response.

Apple credited the teenager with discovering the flaw and released iOS 12.1.4, a software update focused mostly on fixing bugs, which fixed the Group FaceTime issue along with several other issues.

Not all is rosy in the (apple) garden, however, with one disgruntled Germany-based security researcher refusing to share details of a macOS security weakness. Linus Henze stated online that he had found a way to harvest passwords, private keys and tokens from a victim’s keychain.

He has said that he will not share the details with Apple until the company starts to compensate those who uncover security flaws. Speaking to the tech news site The Register, he said: “My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and researchers.

“I really love Apple products and I want to make them more secure. And the best way to make them more secure would be, in my opinion, if Apple creates a bug bounty program, like other big companies already have.”
