I am not surprised about what happened at all. There is an argument that can be made about the fact that it took Apple so many years to finally implement group video call that they could take a little bit of time to do it right but other than that, I don't see how Apple could have prevented a bug that a person wasn't willing to disclose without having money first.
You don't see this kind of stuff every week, and surely Apple has the resources to at least confirm it.
A video as reproduction steps is as credible as it gets. I hope she and and son get a nice reward from Apple...
http://www.telegraph.co.uk/technology/apple/8912714/Apple-iT... is a story about how Apple didn't fix a remotely-exploitable bug in iTunes for years after being notified about it. During that time governments were said to have used this bug to infiltrate users' computers.
And the worst part of it all: The majority of Apple's software (certainly both FaceTime and iTunes) are proprietary programs -- user-subjugating software that does not respect a user's freedom to run, inspect, share, and modify the program. This means that even the most skilled and willing users are prohibited from fixing the problem and distributing a fixed version of the program to help their community. So, rich or poor, proprietors do their users a disservice by distributing proprietary software.