Last week, Apple had to temporarily disable the Group FaceTime feature on iOS 12 and macOS Mojave after it discovered that a bug in the app allowed people to listen to the conversation even when they had not received the call. And now, the company has released a software update to fix the flaw.
The bug was at the outset reported to Apple by Michele Thompson after her 14-year-old high school student son, Grant, discovered that you could add yourself to a Group FaceTime call and force recipients to answer immediately. Apple was initially slow to respond, but the company has now credited the discovery to Grant Thompson of Catalina Foothills High School.
Apple also says that it will compensate the Thompson family for discovering the vulnerability and provide an additional gift to fund Grant Thompson’s tuition. Apple deciding on to pay the teenager as a part of its compensation program; the high school student would be lucky enough to receive between $25,000 (Rs 17.82 lakh approximately) and $200,000 (Rs 1.42 million approx).
Our team made a thorough security audit of the FaceTime service and brought additional updates to both FaceTime app and server to improve security flaws – Apple
Apple temporarily disabled Group FaceTime after reports surfaced about the bug. Thompson said he figured out that he could essentially force a friend’s phone to pick up by dialing one person in FaceTime and then swiping up and attempting to dial another person before the first one picked up. That instantly connected him with the first friend’s phone, even though they hadn’t actually answered the call.
Meanwhile, another teenage security researcher, Linus Henze from Germany, has discovered a critical bug in macOS Mojave that leaves the passwords vulnerable to hackers. Apart from fixing the bug in its group FaceTime feature, the company said that it had also released additional updates to the FaceTime app and its own server to enhance the security of its system.