
Apple to contribute to U.S. teen's education for spotting FaceTime bug - daegloe
https://www.reuters.com/article/us-apple-patch/apple-to-contribute-to-u-s-teens-education-for-spotting-facetime-bug-idUSKCN1PW2E0
======
davesque
You know, I'm happy on some level for that individual. It seems like a great
stroke of fortune. On another level, it bothers me that there are such large
institutions that can arbitrarily "bless" random people like a deity or
something. I also can't help but look at this cynically as a largely
self-interested PR grab by Apple that is not a real sacrifice on their part.

~~~
ppeetteerr
> it bothers me that there are such large institutions that can arbitrarily
> "bless" random people like a deity or something.

Do you mean like how some people are born into rich families and some into
poor families? (I kid :))

> I also can't help but look at this cynically as a largely self-interested PR
> grab by Apple that is not a real sacrifice on their part.

It may be but so what? They could have done nothing, but they didn't. Good on
them for doing this.

~~~
nerdponx
_Do you mean like how some people are born into rich families and some into
poor families? (I kid :))_

Why kid? This is the way of the world.

~~~
zavi
Most people on US Forbes top 500 came from poverty and / or other
disadvantage.

~~~
peeters
Seemed like a dubious claim, so tried to find a source and found this old
article:

Did the Forbes 400 Billionaires Really 'Build That'?
https://www.cnbc.com/id/49167533

Trimming a lot:

"United for a Fair Economy breaks down the Forbes list using a baseball
analogy. It says

- 35 percent of the list was born in the “batter’s box,” with a lower-middle
class or middle-class background...

- 22 percent of the list were born on first base: they came from a
comfortable but not rich background and might have received some start-up
capital from a family member.

- 11.5 percent were born on second base, the report says. Second base is
defined as people who inherited a medium sized company or more than $1 million
or got “substantial” start-up capital from a business or family member.

- 7 percent were born on third base, inheriting more than $50 million in
wealth or a big company. The report includes Charles Koch and Charles Butt on
third base.

- 21 percent were born on home plate, inheriting enough money to make the
list."

So less than 35 percent would be coming from poverty, if this study is to be
believed. This is for the 400 billionaires list though.

~~~
rudolph9
I honestly expected significantly less (I figured home plate would be the
largest group) but was not surprised at all to learn 3rd base was the smallest
group.

~~~
weliketocode
Yeah, inheriting $50mm+ seems like more than enough to disincentivize risk and
innovation.

------
icodemuch
Feels like the headline here should be related to the bug itself, the amount of
privacy it violated, and how long it took Apple to fix it!

Clearly a good PR move for Apple.

~~~
CGamesPlay
[deleted]

~~~
murderfs
Why do you expect some random member of the public to obey an arbitrary rule
from the infosec community that they don't even all agree on?

~~~
CGamesPlay
Oh I don't. I expect Apple to hold their bug reporters to those standards,
though, so it's interesting to see that they are giving a "bounty" to this
"irresponsible disclosure".

~~~
pfg
How was the disclosure irresponsible? AIUI, multiple attempts were made to
report the bug. It went viral a couple of days later on social media. I'm not
aware of a link between those two events.

------
anth_anm
> Two key U.S. House of Representatives Democrats on Tuesday asked Apple Chief
> Executive Tim Cook to answer questions about the bug, saying they were
> “deeply troubled” over how long it took Apple to address the security flaw.

Honestly this just seems like a waste of time.

~~~
dsl
As a voter, this isn't very high on the list of things I'd like to see my
representatives being "deeply troubled" about...

------
quenstionsasked
Reported an iPhone lock screen bug and received nothing. Thanks Apple.

~~~
mises
If it's a serious bug, talk to a zero day broker.

~~~
jtl999
I thought Zerodium (as an example) was only interested in RCE type
vulnerabilities, although I could see others being of value as well.

~~~
mises
Zerodium might generally traffic in RCE because they're typically of the
highest value. They would likely judge that to be of comparable value to some
RCEs, if for no other reason because of the number of devices affected.
Zerodium also isn't the only one out there.

------
eiji
Only in the land of philanthropy is such a headline a thing, or even a PR
move. So instead of giving the guardian of said teenager 200k to do with as
they/he/she pleases in the interest of the child, you set up an education
funding scheme? But when the government does it, it's what?

~~~
reaperducer
_So instead of giving the guardian of said teenager 200k to do with as
they/he/she pleases in the interest of the child_

A lot of people are jackwagons and will spend the money on whatever they want
instead of their child's education. This way Apple gets to make sure it goes
to the child's future.

Source: Had to finance a big portion of college on MasterCard.

~~~
NedIsakoff
This is why.

One of my ex's maternal grandma left her a little over $100K for college. The
grandma trusted her daughter and son in law to manage it. The parents divorced
and the mother went wild for a while and spent it on drugs, partying, and
vacations. My ex ended up taking a bit OSAP.

------
bredren
He also got a personal visit from an unnamed Apple executive.

~~~
sundvor
Nice. Bit of a side point, but I feel that we should all give a shout out to
the mum who clearly was the power broker for this to happen. She did a great
job navigating the maze that was Apple's bug reporting pathways.

~~~
bredren
I think so too. Focus is on the child but maybe the mom wants it that way.

------
argd678
I’m glad to see more attention from law makers over data security, many
companies have shown little interest in correcting or preventing issues long
enough.

------
duxup
Nice.

Still should have responded to them faster. Someone at Apple just dropped the
ball when they got the report.

~~~
Someone1234
I don't think it is any specific "someone." I think Apple's
policies/procedures itself are more at fault.

The fact that there's no clear route to submitting security issues if you
aren't a registered developer is problematic.

~~~
thisisweirdok
Seriously. They'd get a ton of bad reports like everyone with a bug bounty
program, but Apple isn't exactly running lean on resources.

------
mikenew
> "In addition to addressing the bug that was reported, our team conducted a
> thorough security audit of the FaceTime service..."

Why would they have not done this in the first place? Apple has more money
than they know what to do with, why not have teams of people banging away on
this stuff? The actual exploit was incredibly simple.

~~~
czhiddy
What makes you think this was the first audit? Shipping a bug doesn't imply
that zero QA was done.

------
rblion
Apple is playing chess right now on the brand positioning game against
Alphabet and Facebook. The most cynical people will dismiss it but most people
will accept it as a gesture of goodwill.

------
username3
Spotting bugs pays more than bug bounties.

~~~
bredren
How so? Radar reports don't garner any payouts, do you mean with other
companies?

------
retrac98
Good PR move.

------
bparsons
They should just give him a large bug bounty.

------
chrisseaton
Does offering to contribute to someone's education sound to anyone else like
they're criticising his current level of education? Seems like an insult?

Like 'we'll pay for you to get a better education so next time you'll know how
to speak to us correctly.'

Why don't they just give him cash compensation if they want to apologise?

~~~
dx420
So a College fund or a Scholarship is an insult?

~~~
chrisseaton
Why not just the cash? An apology but you have to spend it how Apple wants?
What's up with that?

