While it only made the news yesterday, it appears Apple was alerted to a major FaceTime privacy bug over a week ago.
Twitter user MGT7500 tagged the official Apple Support account in a January 20 tweet claiming that her 14-year-old son discovered a "major security flaw" that allowed him to "listen in to your iPhone/iPad without your approval." The user also tagged Tim Cook on the issue in a follow-up tweet on January 21.
My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews — MGT7 (@MGT7500) January 21, 2019
@tim_cook This is real...trying to get Apple’s attention to get this addressed. I’m just a mom of a teenager who found a huge problem in your new update. I’ve verified it myself...someone from Apple should respond to us. https://t.co/S6qyXts6GF — MGT7 (@MGT7500) January 21, 2019
Once the bug started making headlines on Monday, the Twitter user then shared additional tweets claiming that they had also emailed Apple's product security team over a week ago. A screenshot of the email was shared, and it appears the team did respond, but what they said is not visible in the screenshot.
One of many emails sent to Apple 1 week ago attempting to report the Group FaceTime bug. @cnbc @cnn @foxnews @9to5mac pic.twitter.com/l9IFMZmKh6 — MGT7 (@MGT7500) January 29, 2019
FYI- I called, FB messaged, faxed, emailed and tweeted Apple exhaustively last week to no avail. Submitted official bug report also. Tried to keep it private b/c of the security concerns. Never heard from them. — MGT7 (@MGT7500) January 29, 2019
The user acknowledges having wanted to receive a monetary reward under Apple's bug bounty program, but she claims she still proceeded to alert Apple to the bug by phone, fax, and with an official bug report nonetheless. She also wanted to keep the bug private, but she did tweet Fox News about it.
All in all, there is evidence that Apple Support was tagged about an eavesdropping bug eight days before it made headlines, and if the rest of the tweets are truthful, the company was also alerted about the bug via several other avenues.
Apple has temporarily disabled Group FaceTime, as adding your own phone number to a FaceTime call was the underlying cause of the bug, while it rushes to prepare a software update with a permanent fix. Apple said that update will arrive "later this week," but it wouldn't be surprising to see it today.
Apple did not immediately respond to our request for comment about when it discovered the bug and how long it existed.
Update: John Meyer reached out to the Twitter user and has shared a video about the FaceTime bug that he says was recorded and sent to Apple on January 23. Meyer has apparently confirmed the veracity of this info by phone.
VIDEO: Here is a video, recorded & sent to Apple by a 14 yr old & his mom, on JAN 23rd, alerting them to the dangerous #FaceTime bug, that has threatened the privacy of millions. I've removed sensitive / private info on behalf of the mother (an attorney), whom I just spoke to. pic.twitter.com/YIBKXEP3mI — John H. Meyer (@BEASTMODE) January 29, 2019
