Meta has paid out $4 million via its bug bounty program in 2025, which brings the total awarded by the social media giant since the creation of the program to more than $25 million.
Meta has received roughly 13,000 vulnerability reports this year and 800 of them have been rewarded.
Three reports have been highlighted by the company. One related to CVE-2025-59489, a Unity vulnerability that prompted action from both Microsoft and Steam. In the case of Meta, it could have allowed malicious applications installed on Quest VR headsets to manipulate Unity applications and execute arbitrary code.
Another report highlighted by Meta was submitted by researchers from the University of Vienna, who described a method for enumerating WhatsApp accounts at scale.
The researchers used open source tools to generate possible phone numbers, verified whether they are associated with WhatsApp accounts, and compiled publicly available information.
Another bug report targeting WhatsApp came from a Meta analyst, who found an incomplete validation issue that could have been exploited to trigger the processing of content from an arbitrary URL on a user's device.
The company says WhatsApp clients and server infrastructure are important targets, but it's not easy to find vulnerabilities. In response to feedback from researchers, Meta has decided to create a tool that should make it easier to research WhatsApp-specific technologies.
This tool, called WhatsApp Research Proxy, is designed for analyzing the messaging application's network protocol. The tool is currently only available to some long-time bug bounty hunters. More researchers will later be invited to test the tool, and the ultimate goal is to make it available to everyone.
