New post Need visibility? Apply for a FREE post for your Startup.  Apply Here

Big StoryHacksNews

Facebook offers $40k for JS vulnerabilities in bug bounty program.

1 Mins read

Facebook has expanded its bug reward program, offering up to $40,000 for critical vulnerabilities in its open source JavaScript engine.

The social media platform announced that it will increase payouts for bugs in JavaScript engine Hermes and its Spark AR platform.

Spark AR (augmented reality) is the platform used to build quirky and colorful effects within Facebook.
The statement reads:

“Given the popularity of AR effects across our products, we’d like to encourage our bug bounty community to look for bugs in Hermes and Spark AR,”.

“Native bug submissions have always been eligible under our bug bounty program, and to encourage further research into this area, we’ve decided to increase the payout amounts we award for verified bugs identified in Hermes.”

Facebook is also offering about $20,000 for any vulnerability that leaks sensitive information to an attacker.

This comes after a security researcher scored a big pay day for reporting several vulnerabilities that lead to server-side request forgery (SSRF).

The pen tester and application developer, who earned three rewards for two of four discoveries, has earned $30,000 after he discovered an internal blind SSRF in the source code of a publicly accessible endpoint, built using tools from MicroStrategy, that performed custom data collection and content generation.

Source: Harworth Jessica.

Don’t miss any tech news ever!

We don’t spam! Read our privacy policy for more info.

Related posts
News

WeCare secures $350,000 to propel ethical, sustainable lab-grown diamonds

2 Mins read
The search and mining of diamonds have been one of the causes of major armed conflicts in mining communities around the world,…
News

Apple removes WhatsApp, Threads and other apps in China over 'security concerns'

1 Mins read
Amidst the tight control over internet services in China, Apple has removed several popular messaging apps from its App Store in the…
News

X to charge new users for posting in effort to curb bot invasion

2 Mins read
X, formerly known as Twitter, is making plans to tackle the scourge of bots and spam on its platform. The plan, which…
Newsletter Subscription

🤞 Don’t miss any update!

We don’t spam! Read more in our privacy policy

Join our Telegram channel here - t.me/TechpadiAfrica

Leave a Reply