Following the rollout of iOS 12.1.4, Apple will switch group FaceTime calls back on, but only for those who have applied the update. They could also sometimes see your video if you pressed the side button to silence the call.
It's not clear how much Apple will be paying the family, but it was previously confirmed that the discovery was eligible for Apple's bug bounty program, which offers rewards of up to $200,000 for security researchers who find vulnerabilities on Apple's software platforms. Details of this new bug and how it could be exploited were not disclosed by Apple.
Live Photos won't work unless you update your device as Apple has updated their servers to block the feature from devices not running the latest security update.
In addition to the macOS and iOS updates, Apple also released Shortcuts 2.1.3 to fix vulnerabilities found in Shortcuts for iOS.
The bug was discovered by 14-year-old Grant Thompson from Arizona and his name was credited on the security page together with Daven Morris from Texas as shown above. Media coverage, however, appears to be what escalated the problem to Apple's attention, which is why the company - after issuing an apology and an assurance that it's working fast to fix the bug - told CNBC that it's "committed to improving the process by which we receive and escalate bug reports".
For macOS users, the 10.14.3 update may automatically be installed.