Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bug Communications IOS Software The Almighty Buck Apple Technology

Teenager Who Found FaceTime Bug Will Be Eligible For Bug Bounty Program (9to5mac.com) 49

Grant Thompson, the teenager that reported the FaceTime bug last week, will be eligible for the Apple bug bounty program. "Apple's bug bounty system is typically invite-only and limited to specific categories of security flaws, like accessing iCloud account data or demonstrating ways for iPhone apps to escape the security sandbox of iOS," reports 9to5Mac. "It appears the company is making an exception here given the embarrassingly public nature of the case, although further details about the reward have yet to be discussed." From the report: The FaceTime bug that made waves as result of 9to5Mac's coverage last week was actually first reported to Apple by Grant Thompson and his mother in Arizona a week earlier. However, deficiencies in the Apple bug reporting process meant that the report was not acted upon by the company. Instead, the teenager made headlines when his mother shared their Apple communications on Twitter. Their claims were later proved to be legitimate.

Around January 22, Apple Support directed them to file a Radar bug report, which meant the mother had to first register a developer account as an ordinary customer. Even after following the indicated steps, it does not appear that Apple's product or engineering teams were aware of the problem until its viral explosion a week later. CNBC reports that an unnamed "high-level Apple executive" met with the Thompsons at their home in Tucson, Arizona on Friday. They apparently discussed how Apple could improve its bug reporting process and indicated that Grant would be eligible for the Apple bug bounty program.

This discussion has been archived. No new comments can be posted.

Teenager Who Found FaceTime Bug Will Be Eligible For Bug Bounty Program

Comments Filter:
  • oh what a good company we are, giving bounty money to a teenager despite the fact that by the letter of our rules he shouldn't get any. Applaud us please.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      oh what a good company we are, giving bounty money to a teenager despite the fact that by the letter of our rules he shouldn't get any. Applaud us please.

      So Apple fixed their own damn rules.

      They are allowed to do that, you know.

      It looks like Apple's bug system was being run by low- to mid-level managers who were likely cooking the numbers to make themselves look better. (See! No high-level security-related bugs in **MY** project! Umm, yeah, not so much...) The publicity this kid generated got the attention of Apple's executives, who stepped in and seemingly fixed at least part of the problem.

      • So Apple fixed their own damn rules.

        No, they haven't.

        They are allowed to do that, you know.

        They are, but they didn't. They're just making an exception, because they need to distract from the fact that they fucked up on a grand scale. Again.

  • well deserved! (Score:5, Interesting)

    by sad_ ( 7868 ) on Tuesday February 05, 2019 @06:47AM (#58072546) Homepage

    It looks to me Thompson found 2 bugs, one with facetime and another with submitting bug reports.
    Don't know which of the two is the worst...

    • by msauve ( 701917 )
      As bad as the Facetime bug is, I'd say the other is worse for Apple - it made them admit that they really don't listen to their customers. But don't expect that to really change.
      • The very story is about how they not only listen, but actually rewarded someone they didn't promise anything...

        The fact that response was delayed is an issue yes, but within a week is still pretty good compared to many companies customer response - which is never...

        • by sjames ( 1099 )

          They never did willingly listen. They had to be bludgeoned with it on social media just like the other companies.

        • by dgatwood ( 11270 )

          The fact that response was delayed is an issue yes, but within a week is still pretty good compared to many companies customer response - which is never...

          Apple included. The slowness and inconsistency of Apple's bug handling is well known among everyone who has ever worked there or developed software for any Apple platform. In fact, at least a few years ago, it was a long-standing joke among Apple engineers that they'll close most of the bugs when they deprecate and subsequently drop support for the tech

    • by Anonymous Coward

      Three Bugs.

      The third being a rotten culture to the core.The person logging the call should have escalated immediately bypassing whatever. Bad culture is a management issue. Can't take the initiative? Not empowered?

    • I didn't realize that "regular people" couldn't file bug/security reports with Apple. I know its hard to do so... as I've found bugs in iOS myself and found the process of reporting them to be onerous. It's easier to put them on the Community forum and moan about them than actually file with Apple.

      Several instances I've just given up because of either "login" issues or can't attach screen shots / tell the story. By the time I've opened the form I feel like doing something else.

      Google and Microsoft have

      • I didn't realize that "regular people" couldn't file bug/security reports with Apple

        You kind of can via the Feedback [apple.com] forms.

        Though for something this serious going through bugreport was a better idea, who knows how long it would have taken to be noticed going through Feedback...

    • by Ichijo ( 607641 )

      Nice try but the difficulty in submitting bug reports is usually intentional. Many developers are not emotionally prepared to deal with bug reports which they see as criticism of their work. But maybe Apple developers are different.

      • by tlhIngan ( 30335 )

        Nice try but the difficulty in submitting bug reports is usually intentional. Many developers are not emotionally prepared to deal with bug reports which they see as criticism of their work. But maybe Apple developers are different

        No, it's intentional because the vast majority of bugs will be of the kind "I can't turn on my phone". Or "My phone doesn't charge" and the like.

        This is par for the course because for the most part, for every legitimate bug that needs investigation, you'll get a million of the ki

        • by Ichijo ( 607641 )

          it gets overlooked as people see it as another "I can't figure out how to use it and I don't want to read" type of complaint.

          In other words, another usability flaw, something that's not a bug because it was designed that way on purpose due to lack of testing on technically inexperienced people and/or lack of qualified usability experts helping you design your product.

  • The more typical scenario of course being that they get majorly sued for damages, while being publicly defamed for being an 'illegal haxxor'.
  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Tuesday February 05, 2019 @07:35AM (#58072644) Homepage Journal

    This is how abusers string along their victims - random occurrences of being "nice", by doing precisely what they SHOULD be doing. But it doesn't excuse their behavior the rest of the time. Apple has been generally unresponsive to bug reports since their first days. They pissed on their user base with this garbage bug, and now all they have to do to distract their Stockholm syndrome audience is grant a bug bounty to someone who clearly deserves it. "Look", they'll say, "Apple can do the right thing!" Yes, but only when it would otherwise make it obvious what they really are: abusive.

    I could make the same rant about Microsoft on another day, but it's Apple's turn :P

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...