Apple warned about FaceTime bug over a week ago, gets sued

midian182

TechSpot Editor
Staff member

Attorney Larry Williams II said in his complaint to the court that the issue allowed the intrusion of “one’s most intimate conversations without consent,” reports Bloomberg.

The bug is present in Apple devices running iOS 12.1 or later, as well as Macs running Mojave. By initiating a Group Call and adding your own number after calling someone on FaceTime, it’s possible to hear the recipient’s audio before they answer. Should they use the power button to silence or ignore the incoming call, the camera will also be enabled, giving the dialer both audio and video of the person before they pick up.

Williams, who said he was eavesdropped on while taking a sworn testimony during a client deposition, seeks unspecified punitive damages on his claims of negligence, product liability, misrepresentation, and warranty breach.

Apple has disabled Group FaceTime to stop the vulnerability from being exploited. The Cupertino firm says it is working on a fix that’s scheduled to be released later this week.

In related news, Apple was reportedly warned about the issue over a week ago. Fourteen-year-old Grant Thompson first made the accidental discovery, after which his mother, Michele Thompson, tried to inform the company via emails, calls, and tweets at CEO Tim Cook.

As reported by CNN, Grant said he was hoping to get an Apple product, such as an iPhone X or MacBook Pro, for spotting the glitch. Michele says that while they didn’t report it for a reward, an acknowledgment would be appreciated.

"Apple should reward people for reporting things of this nature -- not just reward the developers or the people who are savvy with tech," she said. "I think just thanking him would be great," she said.

Permalink to story.

 

m4a4

TS Evangelist
I can't tell if he actually knows he was eavesdropped, or just sees a convenient opportunity (I'm thinking the latter).
Of course that's assuming you can't attempt/join Facetime without having the person as a contact first... As in, it won't be an "unknown" person.

And I'm not surprised Apple (or any other big company) tried to keep this quiet. They like controlling the narrative, and this one is going to be amusing watching them try to spin it.
As for the customer who reported it, it couldn't be that hard to work with them. A reward is nice, but don't feel entitled to one.
 

mbrowne5061

TS Evangelist
Honestly, the mom probably shot herself in the foot here. Most companies like to patch bugs before they acknowledge them outside of bug bounty channels. By going through tech support on Twitter, and then calling the Fox New Twitter handle to it, no company in their right mind will pay up for that. Plus, for all she knows, Apple knew of the bug before this even and was working on a patch - they were just the first 'regular users' to notice it.
 

Plutoisaplanet

TS Addict
Honestly, the mom probably shot herself in the foot here. Most companies like to patch bugs before they acknowledge them outside of bug bounty channels. By going through tech support on Twitter, and then calling the Fox New Twitter handle to it, no company in their right mind will pay up for that. Plus, for all she knows, Apple knew of the bug before this even and was working on a patch - they were just the first 'regular users' to notice it.
Apple's bug bounty program is via email. How do you know they didn't submit the bug there? It seems like this person was frantically trying to contact Apple knowing how important privacy was as a lawyer. Even so, this person wasn't a tech person at all and seemed like they did the best they could to get the issue escalated.

For anyone curious about the bug bounty program, it's buried in this one page: https://support.apple.com/en-us/HT201220
 

Plutoisaplanet

TS Addict
Apple's bug bounty program is via email. How do you know they didn't submit the bug there? It seems like this person was frantically trying to contact Apple knowing how important privacy was as a lawyer. Even so, this person wasn't a tech person at all and seemed like they did the best they could to get the issue escalated.

For anyone curious about the bug bounty program, it's buried in this one page: https://support.apple.com/en-us/HT201220
Ok it looks like she did report it to product security:
 
  • Like
Reactions: Clamyboy74