Apple may be giving its customers peace of mind with a newly released fix for its FaceTime security bug, but at least one user is getting something more: money for discovering the vulnerability.

Grant Thompson, a 14-year-old in Arizona, stumbled upon the hack last month when he was calling a friend to play the videogame Fortnite. When his friend didn't pick up the FaceTime call, he added a second friend to the group call, which caused the original call to "pick up" even though his friend didn't answer, according to multiple reports.

The security flaw let Thompson eavesdrop on the other line.

And he re-created the hack several times with his friends and his mum to confirm the existence of the bug, he said.


New Zealand Privacy Commissioner John Edwards was among those able to replicate the bug.

Now Apple is rewarding him for his discovery. Apple said it would pay the Thompson family for reporting the bug. And it will also make a gift toward Thompson's education. Apple did not say how much it would give.

Appearing with his mother on CNBC this week, Thompson said he was surprised to find the flaw before Apple did, and he added that he would remain an iPhone user despite the bug. "In general I think that Apple tries to keep our privacy safe, and I respect that," he said.

He was also asked whether his popularity at school has changed since Apple credited him with discovering and reporting the bug. "Quite a few of my friends know of it and think it's pretty cool," he said.

Thompson's mum, Michele Thompson, said she called and emailed Apple to alert them about the bug days before its existence was widely reported in the news media.

She tried for nine days. At one point, she was told she needed to register as a software developer before she could file a bug report.

"We again apologise to our customers and we thank them for their patience. In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security," Apple said in a statement.

Even as Apple rolls out a security fix for consumers, New York Attorney General Letitia James is investigating the company's response to the FaceTime bug.


"This FaceTime breach is a serious threat to the security and privacy of the millions of New Yorkers who have put their trust in Apple and its products over the years," James said in a news release last month.

James appeared to implicitly reference the Thompson family, noting that reports indicated the existence of the bug was flagged to Apple "more than a week before it was shared widely with the media and the company took action," according to the release.

James said her office will examine "Apple's failure to warn consumers about the FaceTime bug and slow response to addressing the issue."