
Rumor mill: FaceTime bug was submitted to Apple on 20 January 2019 by a concerned mother after .. her 14-year-old son discovered it.

>My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport...waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews

[0] https://twitter.com/mgt7500/status/1087171594756083713?s=21



Interesting twitter account. First tweet 1/1/19, few followers, mostly politics, then a major bug report (not only in discovery but in knowing how to go through the reporting process). Not saying it’s fake at all - it looks 100% legitimate - but it adds some extra bit of weirdness to this story. Quite the providence, and a really bad bug. (edited for clarity)


The genuineness of the Twitter account is absolutely irrelevant in contrast to the validity of the bug itself.

A high priority bug was reported to Apple at a specific time. Who reported it, what they look like, what their Twitter profile looks like should have no impact on Apple's bug fixing process and how long/short they took to fix the bug.


Oh I’m not questioning the existence or importance of the bug. It’s important and a big screwup.

However, I am extra sensitive to the degree to which twitter is being manipulated for all sorts of ends. Sometimes things look more than a bit fishy. Usually major bug reports don’t come from 2019’s version of egg avatar + letters/numbers username + very recent activity consisting almost entirely of political posts + past tweets with interactions with obvious political manipulation bots. That is on the stranger end of things, you have to admit. To be clear I think it’s real, but also real weird.


What possible motivation would anyone have for reporting a real bug of this nature like this? Other than, yeah, found a crazy bug.


Stock manipulation perhaps? Happens a lot with Tesla apparently, short sellers will pump up any negative story and try to get it into press. This person was making several attempts to get in contact with press after all, and a story about a teenager finding a big privacy bug in a company that publicly touts its privacy chops has ‘news at 11’ written all over it.

Personally I think a bug report story is not a particularly plausible strategy for such a thing - this person’s concern seems entirely genuine - but crazier things have been done for money. I’m relatively skeptical of complaints from companies about short sellers and bad press, but also recognize that stock manipulation happens a lot more than most ppl are aware of.


Is it still called stock manipulation if the bug is critical and for real and the company deserves to lose shareholder value simply for the critical nature of the bug?

Imagine how many people are vulnerable out there - I'm already starting to read some complaints on the internet that some people were unknowingly sharing a video of them taking a shower, etc.


If you are in possession of information with the potential to impact the stock price when released and you use it in your own favor to try to make a profit, then I believe it can be characterized as an attempt at stock manipulation.


Yes, as they would have lost less stock price if a fix had been prepared and released along with the announcement.

Yes, if options purchases were made before the market found out.

Yes, if their intentions were to change stock prices with the announcement in any respect whatsoever, whether up or down in price and/or in volatility.

No, if they were not intending to change the stock market with the announcement, regardless of the fact that they did. (Naïveté happens. So does unconcern. Still, No.)


you have to admit it is at least slightly curious the bug received attention only recently since today $aapl is set to report their earnings

odd that this is so recent and the twitter account is so fresh, with so many facetime sessions esp with ios being popular among those in infosec


Depends on when the information was made public


Also timing, Apple publishes their quarterly earnings results this afternoon in an already peculiar context. It’s the first time they missed guidance over the decade.

Ps: As others noted maybe it’s fair enough if support failed to acknowledge the bug quickly enough.


@foxnews sure has “news at 11” written on it.


If the bug was held by a nation state, and their use of it was burned for whatever reason, then the nation state could release it in this manner to sow chaos in lots of fun ways:

1) The entire world of iPhone users

2) The financial markets (Apple suffers)

3) The financial markets (non-Apple benefits)

4) The political sphere (distraction from)

5) Deniability (they got their recording and leaked the bug to deny how)


While the account does seem a bit odd — especially in our current state — it still boils down to the fact someone discovered a bug and they seem to have receipts.

Linked tweet shows an email signature on a reply from “Deven” of “Apple Product Security” and the sender's original message. >> https://twitter.com/mgt7500/status/1090079031666438144?s=21


Ya that poorly obscured email in the message is strongest evidence to suggest this is a real twitter account & story - I believe it’s legitimate. Which makes this story really interesting, that the kid found it, the parent knew how to bug report, the parent went to a twitter account they only recently started using to try to get the word out, and nothing happened. Goes to show process needs improvement and that bug reports truly can come from anywhere.


At the bottom of the screenshot attached to this post you can see her extortion attempt: https://twitter.com/mgt7500/status/1090079031666438144?s=21

  I am willing to give details and provide a home video 
  that I took to show you the flaw, but would like to
  discuss this with someone prior to doing so...
  It is unclear whether Apple provides a reward program
  for non-... [cut off]
I'm not surprised Apple didn't respond to this message.


I too found it odd and only looked into it because she chose to tag one (and only one) "news org" in the post @foxnews - Without the bug report, her account looks like many that have been "taken over" or re-purposed by political operatives.


They just contacted Apple Support to report the bug. The "proper" way to report bugs to Apple would be to use bugreport.apple.com.


If the mother did in fact submit a ticket a week ago, it's pretty shameful that the escalation / verification process took more than a week for a bug of this severity.



