Meta Paid Out Million via Bug Bounty Program in 2025

Meta Paid Out $4 Million via Bug Bounty Program in 2025

Posted on By CWS

Meta has paid out $4 million via its bug bounty program in 2025, which brings the whole awarded by the social media large because the creation of this system to greater than $25 million. 

Meta has obtained roughly 13,000 vulnerability experiences this 12 months and 800 of them have been rewarded. 

Three experiences have been highlighted by the corporate. One referred to CVE-2025-59489, a Unity vulnerability that prompted motion from each Microsoft and Steam. Within the case of Meta, it might have allowed malicious functions put in on Quest VR headsets to govern Unity functions and execute arbitrary code.

One other report highlighted by Meta was submitted by researchers from the College of Vienna, who described a technique for enumerating WhatsApp accounts at scale. 

The researchers used open supply instruments to generate potential cellphone numbers, verified whether or not they’re related to WhatsApp accounts, and compiled publicly accessible info.

One other bug report concentrating on WhatsApp got here from a Meta analyst, who discovered an incomplete validation difficulty that might have been exploited to set off the processing of content material from an arbitrary URL on a consumer’s system.

The corporate says WhatsApp purchasers and server infrastructure are essential targets, but it surely’s not straightforward to seek out vulnerabilities. In response to suggestions from researchers, Meta has determined to create a software that ought to make it simpler to analysis WhatsApp-specific applied sciences. 

This software, referred to as WhatsApp Analysis Proxy, is designed for analyzing the messaging utility’s community protocol. The software is at the moment solely out there to some long-time bug bounty hunters. Extra researchers will later be invited to check the software, and the final word purpose is to make it out there to everybody. Commercial. Scroll to proceed studying.

Associated: Apple Bug Bounty Replace: High Payout $2 Million, $35 Million Paid to Date

Associated: Google Paid Out $12 Million through Bug Bounty Applications in 2024

Associated: Google Gives As much as $20,000 in New AI Bug Bounty Program

Associated: Microsoft Boosts .NET Bounty Program Rewards to $40,000

Security Week News Tags:, , , , ,

Related Posts

CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event) CodeSecCon Is Today: Where Software Security’s Next Chapter Unfolds (Virtual Event) Security Week News
Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift Ramnit Malware Infections Spike in OT as Evidence Suggests ICS Shift Security Week News
aiFWall Emerges from Stealth With an AI Firewall aiFWall Emerges from Stealth With an AI Firewall Security Week News
Managing Technical Debt in AI-Driven Software Development Managing Technical Debt in AI-Driven Software Development Security Week News
Swimlane Raises Million for Security Automation Platform Swimlane Raises $45 Million for Security Automation Platform Security Week News
‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks ‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks Security Week News