Texas Software Engineer Daven Morris Also Reported FaceTime Bug to Apple One Day Before it Made Headlines

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,233
9,745



In a support document outlining the security content of iOS 12.1.4, Apple credited both 14-year-old Grant Thompson of Catalina Foothills High School in Tucson, Arizona and Daven Morris of Arlington, Texas with reporting a major Group FaceTime bug to the company that allowed users to eavesdrop on others.


Thompson and his mother are widely known for being the first people to discover and report the bug to Apple, over a week before it made headlines on January 28, but nothing was known about Morris until now.

The Wall Street Journal today shared a few details about Morris, noting he is a 27-year-old software engineer who reported the bug to Apple on January 27, several days after the Thompsons but one day before it made headlines. He apparently discovered the bug a week earlier while planning a group trip with friends.


Apple on Thursday said it will compensate the Thompson family for finding and reporting the bug and make an additional gift toward Grant Thompson's education. Apple hasn't disclosed the exact sums of the donations. It's unclear if Morris will also be compensated by the company for reporting the bug.

In a statement issued to MacRumors, Apple apologized for the bug a second time and assured customers that it has been fixed in iOS 12.1.4, as has a previously unreported vulnerability in the Live Photos feature of FaceTime:
Today's software update fixes the security bug in Group FaceTime. We again apologize to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security. This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime. To protect customers who have not yet upgraded to the latest software, we have updated our servers to block the Live Photos feature of FaceTime for older versions of iOS and macOS.
Apple has reenabled its Group FaceTime servers, but the feature will remain permanently disabled on iOS 12.1 through iOS 12.1.3.

Widely publicized last month, the FaceTime bug allowed one person to call another person via FaceTime, slide up on the interface and enter their own phone number, and automatically gain access to audio from the other person's device without that person accepting the call. In some cases, even video was accessible.

We demonstrated the bug in a video at the time:


Apple already faces a lawsuit in Texas, a proposed class action lawsuit in Canada, questions from a U.S. Congress committee, and an investigation by New York officials over the bug and its serious privacy implications.

Article Link: Texas Software Engineer Daven Morris Also Reported FaceTime Bug to Apple One Day Before it Made Headlines
 
  • Like
Reactions: cashville2400

Goompa

macrumors member
Oct 29, 2018
53
84
And this is only engineers that made it to the media, could you imagine other ones doing the same who didn’t have the opportunity/ didn’t want to hesitate letting apple know about the issue?

I’ve got this feeling: macOS is long gone! :( I was one of those weirdos that liked Windows 8’s fresh air.
 
Last edited:

Goompa

macrumors member
Oct 29, 2018
53
84
I'm sorry but I don't understand your conment. I read it 5 times and am not sure what you're saying.
Sorry but I was loading my OS: I think that there are other engineers researching for other bugs in macOS, but since there’s no reward program they might not hesitate letting society or Apple know about the issue.
 

x-evil-x

macrumors 601
Jul 13, 2008
4,736
2,534
No it doesn’t matter but this kid and his mother got plenty of national attention over it. I see no problem with reporting on the fact someone else made Apple aware of this too.
It does not matter. Doesn’t change your life why should you care?
 
  • Like
Reactions: Totemsflare

repoman016

macrumors regular
Mar 28, 2017
103
225
Ohio
I am not sure why this matters. It's a bug, it's fixed. Issues will always occur, but Apple at least has a good reputation for quickly addressing it. That's all I ask.
I think it matters because its not a "my text box wont go to portrait mode" bug, its a privacy "this person can see what im doing without me answering the facetime" bug.
BIG difference.

Edit: I do agree tho we dont need to know the life story of who found it if thats more to what you were referring to
 

TonyC28

macrumors 68000
Aug 15, 2009
1,680
5,122
USA
Unless this bug was installed intentionally by some rogue engineer this story needs to go away.
 

russofris

macrumors regular
Mar 20, 2012
160
58
I'm relatively certain that LEA's have been using this (or related) Facetime vulnerability since at least Nov of 2018.

IE: Prior to serving an arrest warrant, the NYSPD will ping an iPhone user with a Facetime request that drops as soon as the user examines their phone.
 

DNichter

macrumors G3
Apr 27, 2015
8,961
10,071
Philadelphia, PA
I think it matters because its not a "my text box wont go to portrait mode" bug, its a privacy "this person can see what im doing without me answering the facetime" bug.
BIG difference.

Edit: I do agree tho we dont need to know the life story of who found it if thats more to what you were referring to
Yea, I get the bug is important, but more so how it was found seems unimportant to me. Either way though, Apple responded and squashed it. It will push them to tighten up quality control even more so - win / win to me.
 
  • Like
Reactions: paul4339

sdf

macrumors 6502
Jan 29, 2004
309
245
There might be a possibility that Apple took the bug report from the developer more seriously than the report from a child.
I think that's very likely, as he probably reported it through Radar. It's no ribbon on Apple (quite the opposite), but they really do work through Radar.
[doublepost=1549648615][/doublepost]
Who cares who supposidly “discovered” the flaw first. Really do we need an article for this?
Yes, you do. Some people report to make a product better, some report for the bounty… and some report for credit.

Give credit properly or that last group won't bother and the products will suffer for it.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.