Last week we reported about a serious vulnerability of the FaceTime which made it possible to hear or even see another person without proper consent. At first, Apple did what it could: it turned off FaceTime's group video conferencing feature on its servers to avoid exposing users. The company is still working on a patch for both iOS and macOS and should be making such updates available soon.
We also reported that the bug was discovered by a teenager named Grant thompson, who, with the help of her mother, reported the problem to Apple a few days earlier but, due to miscommunication (in the way such bugs are received and routed internally), nothing had been done by the company until everything was won. Great media coverage.
Now the CNBC He reported that a senior Apple executive (who was not identified) met with the Thompson family last Friday. They talked about how this bug reporting process could be improved. In addition, the executive stated that Grant would be eligible for Apple's bug bounty program, as we can see in the interview above.
Asked by the journalist if he continues to use Apple devices after the case, Grant said that this is something that happens (the failure) and that we are most likely talking about a unique situation that will not happen again. In addition, the student was pleased with Apple's position (as a privacy advocate) and therefore does not intend to migrate to competition.
Since it was released, Apple's bug bounty system is closed to guests and limited to just a few specific categories of security holes, such as accessing iCloud account data or demonstrating ways to escape security (sandbox) from iOS. That is, these financial rewards are not given to anyone who simply encounters a bug "any" in the company's operating systems.
The FaceTime bug case, however, was ugly for the company and this attitude may be a way to circumvent this image (a positive outcome of a situation that showed some weakness in Ma's internal process). The details of this possible reward that will be given to Grant, however, have not been disclosed. Apple is known to pay between $ 25,000 and $ 200,000 to people who find faults and participate in the program, depending on the level of the bug.