14-Year-Old Boy Who Found FaceTime Bug Could Be Eligible For Apple's Bug Bounty Program


Last week, a major FaceTime bug that can be a potential threat to users' privacy made rounds online. The bug was first found by a teenage boy from Arizona, which was immediately reported by his mother to Apple.

Now the Cupertino brand might pay the boy for his discovery.

The Bug's Discovery

Grant Thompson, 14, discovered the eavesdropping bug when he contacted his friends via FaceTime and noticed that he could hear one of them even though his call wasn't yet answered. His mother, lawyer Michele Thompson, immediately tried to contact Apple Support to report the said problem.

However, Apple failed to respond immediately to the report. Worried that this could be a major security issue, Michele took to social media to alert the company. It took about a week — when major media outlets picked up the story — before Apple finally recognized and confirmed the bug. After which, it took down the Group FaceTime servers as a short-term fix.

Apple has since apologized for the bug.

Eligible For Bug Bounty Program

A report from CNBC said that a "high-level Apple executive" flew to Arizona to meet with the Thompsons last Friday, Feb. 1.

According to Michele, the unnamed executive thanked them for their bug discovery and for informing the company about it. The executive also mentioned that Grant is actually eligible for Apple's bug bounty program and that they "would hear from their security team the following week in terms of what that meant."

As for where the bounty will be used, Michele said that it'll be for Grant's college funds, as she "think he's going to go far, hopefully."

Apple's bug bounty program started in 2016. It aims to reward people who will discover flaws and vulnerabilities in its products. It's usually by invite only and is limited to certain security flaws. Reward amounts start at $25,000 and can go as high as $200,000, depending on the level of the flaw discovered.

ⓒ 2018 All rights reserved. Do not reproduce without permission.
Real Time Analytics