Apple apparently wasn't able to meet that self-imposed deadline and says that the bug will be patched in an iOS update that will be released next week. In a statement sent to MacRumors, Apple apologized for the obvious breach in user privacy – something that the company has always vowed to protect.
In the statement, Apple even specifically calls out and thanks Grant Thompson the 14-year-old boy that discovered the bug and told his mom about it. Michele Thompson then attempted to get in contact with Apple via Twitter, email, phone, fax and even Facebook Messenger to no avail – this occurred a week before the public disclosure. There’s no word on if Thompson will be given a reward under Apple’s Bug Bounty program for his discovery.
“We want to assure our customers that as soon as our engineering team became aware of the details necessary to reproduce the bug, they quickly disabled Group FaceTime and began work on the fix,” said Apple in a statement. “We are committed to improving the process by which we receive and escalate these reports, in order to get them to the right people as fast as possible.”
The company went on to add that it takes security “extremely seriously” and that will continue to earn the trust of its millions of customers.
The bug allowed a caller to place a FaceTime call to anyone with an iPhone and then add the caller’s own phone number using the “Add Person” button. The caller would then be able to hear audio from the receiver’s phone even if they didn’t answer the call. Even more shocking was the fact that video from the receiver could also be transmitted under certain circumstances without their knowledge.