APPLE HAS FINALLY pushed out a fix for the high-profile FaceTime bug that allowed iPhone and Mac owners to eavesdrop on recipients if they didn’t answer their call.
iOS 12.1.4 was let loose on Thursday, alongside a FaceTime security update for the Mac version of the video messaging app.
“Today’s software update fixes the security bug in Group FaceTime,” Apple said in a statement. “We again apologize to our customers and we thank them for their patience.”
The company noted that a thorough security audit of the FaceTime service also brought to light a previously unidentified vulnerability in its Live Photos service.
“To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS,” it said.
And as noted by security researchers with Google’s Project Zero, iOS 12.1.4 also fixes two other potentially serious security issues: CVE-2019-7287 (a memory corruption flaw in the IOKit) and CVE-2019-7286 (a similar glitch that could allow an application to gain elevated privileges).
More importantly, the iOS update ships with an acknowledgement of the discovery that credits 14-year-old Grant Thompson for finding the bug. Thompson’s mother Michelle attempted to warn Apple about the exploit a week before it was made public, and claims she flung emails, Facebook Messages, several tweets and even a fax in the company’s direction.
Apple Insider reports that Apple has confirmed it will reward the teen for uncovering the exploit, providing the family with compensation for finding the bug as well as helping towards the teenager’s future education costs.
It’s unclear exactly how much Apple is planning to cough up, but if the compensation element is part of the company’s bug bounty program, the amount could be anywhere between $25,000 and $200,000.
Source: Inquirer