Apple fixed a FaceTime bug on Thursday that allowed people to eavesdrop and also said it will pay a 14-year-old high school student for reporting the problem.
Grant Thompson, a high school student in Tucson, happened upon the bug last month while trying to get his friends together to play the video game “Fortnite,” he told ABC News.
“I stumbled upon this glitch that like the whole world knows about now,” Thompson said.
It’s unclear how much the teen will receive, but Apple has said it would make an additional gift toward Grant’s education, Reuters reported.
Grant is eligible for a payout through the company’s bug bounty program, which awards up to $200,000 to developers who discover issues with its software and services.
Did Apple fix the bug?
On Thursday, the tech giant announced the release of a software update for iPhones and iPads to fix the security issue, CNBC reported. The statement said:
Today’s software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.
Users can update their software by going to “Settings” on their device, choosing “General” and selecting “Software Update.”
The software update note credited Grant for his discovery, according to USA Today.
How did the glitch work?
Once a person started a FaceTime call with another iPhone user, they could swipe up from the bottom of the screen and tap on “Add Person” and type in their own phone number.
That would initiate a group Face Time call including yourself and the audio of the other person you called, whether they answered the call or not.
“We were all shocked,” Thompson told ABC News. “We realized this was an actual bug that forced people to answer the calls.”
After Grant and his friends stumbled on the issue and were able to recreate it several times, Grant told his mother, Michelle Thompson, who reached out to Apple about the flaw.
“I knew [Apple] had a bounty reward program, they had a security manual that was 80 pages that I looked at,” Michelle Thompson told ABC News. “I didn’t know if this qualified, and by no means am I a tech expert.”
It took about 10 days before the company responded to her multiple messages.
Apple finally called Michelle Thompson after the media picked up the story and requested to meet with her about the flaw.