A mother and son from Arizona tried to warn Apple about the eavesdropping FaceTime bug over a week ago.
The flaw, which gained attention on Monday, relates to the company’s FaceTime chat function.
Michele Thompson and her 14-year-old son made several attempts to warn the firm, but say they were mostly ignored.
“Short of smoke signals, I was trying every method that someone could use to get a hold of someone at Apple,” Ms Thompson told the Wall Street Journal.
Apple has not yet commented, other than to say it will push a fix out to users in the coming days. In the meantime, the company has disabled the group calling function of FaceTime.
On Monday, as news of the bug finally gained widespread attention, Ms Thompson wrote: “I have letters, emails, tweets and msgs. sent to Apple for 10+ days reporting the Group FaceTime bug that lets someone listen in. My teenager discovered it! Never heard back from them.”
Her efforts also included using Apple’s support system to file a bug report.
“After several emails w/ Apple, they told me I could register as a developer to submit the bug report which I did (even though I’m the farthest thing from a developer),” she wrote.
“Also emailed it directly to product-security@apple with full details.”
Apple, like many technology companies, has a “bug bounty” programme that pays people for finding new bugs in its products. Ms Thompson said she hoped her son would benefit.
“I would love for my 14-year-old to be rewarded for reporting this. Even a thanks would be amazing!”
The flaw, first revealed by the 9to5Mac blog, appears to occur when both users are running version 12.1 of Apple’s mobile operating system iOS, or newer. It also affects Mac users when they are called from an iPhone.
The technique involves using the software’s group chat function, apparently confusing the software into activating the target’s microphone, even if the call has not been accepted.
The eavesdropping ends when the call is cut after too many rings.
Kevin Beaumont, a security researcher, told the BBC that Apple is likely to deal with a large number of bug reports, which can take time to sort through and prioritise.
“Many companies typically aim for 90 days to resolve reported security issues, and much of that time can be spent reaching the right people and setting the right priorities.
“It appears the mother and son attempting to report this issue were passed around departments by Apple. That isn’t ideal, and something Apple needs to work on.”