Meta adds Quest 2, Portal and Ray-Ban Stories updates to its bug bounty program

Facebook's parent company Meta is adding updates to its bug bounty program for products from its Metaverse division Reality Labs, including its Quest 2, Portal and Ray-Ban Stories smart glasses, the company announced Friday. According to a press release, the work will play a key role in "the journey to help build the metaverse."

The press release emphasizes that verified Ray-Ban Stories bug submissions are eligible for the award, which it hopes will encourage more researchers to "analyze the glasses and our other hardware devices." The minimum reward for bug discovery is $500, and amounts increase depending on the device and the potential impact of the bug discovered. The largest payout listed is $30,000, but it can be even higher, at the discretion of the company, for bugs that could potentially result in health, security or privacy risks.

Meta offered a list of hypothetical bugs and what the payout could look like:

Under "Malicious third-party apps," an issue that allows a malicious third-party application to inject content that is then consumed by the first-party application, such as pictures in a slideshow or audio for a call, potentially causing problems, will receive a payment of under $1,000.

A bug that lets third-party apps obtain microphone access on Quest devices without requesting it will receive a payment of $5,000 under "Unauthorized Mic Access by Third-Party Apps."

A bug that allows a third-party application on Quest to crash or disable Guardian will receive a $3,000 payment under "DoS."

Remote code execution via a buffer overflow in the Quest voice chat library, with execution in a privileged first-party application, will receive a payment of $16,000.

According to a blog post by Dan Gurfinkel, the company's security engineering manager, the company first established its bug bounty program in 2011 and said that with nearly $2 million in prizes given to security researchers last year alone, finding bugs that could lead to a bug bounty program was not a problem. and has been instrumental in helping to recover.