Apple releases bug fix for embarrassing security flaw that allowed FaceTime eavesdropping


Apple has not revealed the exact amount it is giving 14-year-old Grant Thompson but it is believed to include money to help pay for his education. The company has come under fire for its delayed response. By initiating a Group Call and adding your own number after calling someone on FaceTime, it was possible to hear the recipient's audio before they answered.

Apple's bug bounty policy has led one security researcher to withhold details on a password-stealing vulnerability in the MacOS operating system.

Now, Apple has finally credited Thompson and Daven Morris from Arlington, Texas in the patch notes to its latest update.

The company also says they uncovered another flaw during a "thorough security audit of the FaceTime service".

New Fortnite Challenges Before DJ Marshmello Concert — Showtime Posters
This weekend, Fortnite players were treated to an in-game concert courtesy of Philadelphia DJ and producer Marshmello a.k.a. The first challenge kicked off earlier this week and required players to "Search a Showtime Poster".

The damage may already have been done, however, as the company is already facing lawsuits over the FaceTime bug as well as an upcoming grilling by concerned lawmakers. News of the bug first hit last Monday, (Jan. 28), and Apple disabled Group FaceTime later that night, to prevent users from being spied upon. While Apple had already addressed the issue on its servers, AppleInsider pointed out, iOS 12.1.4 fixes this exploit on devices.

Apple initially said it would release updates to macOS and iOS addressing the flaw within a few days of its public disclosure. The two vulnerabilities, known as CVE-2019-7286 and CVE-2019-7287, were related to a "memory corruption issue". You will need Wi-Fi access and your battery to be charged above 50 percent, or the device will need to be connected to a charger. Macs are also getting an updated version of macOS 10.14.3 to fix the Group FaceTime flaw, as this feature is also built into that platform.

Users can update their software by going to "Settings" on their device, choosing "General" and selecting "Software Update".