The decision to award the bounty has been welcomed, but one security researcher has said that Apple needs to do more to compensate those who find bugs.
A US teenager has been given a rare bug bounty by Apple after he discovered a security flaw in Apple’s FaceTime video-calling service.
Grant Thompson, a 14-year-old from Arizona, uncovered how the glitch allowed any iPhone user to video-call another iPhone user via FaceTime and listen in on the audio on the other end – essentially turning another device into a live microphone.
While the bounty amount has not yet been disclosed, Apple has said that, on top of a monetary reward, it will also provide a gift that will go towards his education.
According to a report on the BBC, Thompson and his mother had warned Apple of the bug in early January, with Mrs. Thompson sending several emails and messages to the company without getting any response at the beginning.
Apple credited the teenager with discovering the flaw and also issued a software update, iOS 12.1.4, which focused mostly on fixing bugs, including the Group FaceTime issue, and fixed several other issues.
Not all is rosy in the (apple) garden, however, with one disgruntled Germany-based security researcher refusing to share details of a macOS security weakness. Linus Henze stated online that he found a way to harvest passwords, private keys and tokens from a victim’s keychain.
He has said that he will not share the details with Apple until the company starts to compensate those who uncover security flaws. Speaking to the tech news site The Register, he said: “My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and researchers.
“I really love Apple products and I want to make them more secure. And the best way to make them more secure would be, in my opinion, if Apple creates a bug bounty program, like other big companies already have.”