
Meta adds Quest 2, Portal, and Ray-Ban Stories updates to its bug bounty program
Facebook parent company Meta is adding updates to its bug bounty program for products from its metaverse division Reality Labs, including its Quest 2, Portal, and Ray-Ban Stories smart glasses, the company announced Friday. The work will play an important role in its “journey to help build the metaverse,” according to a press release.
The press release emphasized that verified Ray-Ban Stories bug submissions are eligible for awards, which it’s hoping will incentivize more researchers to “analyze the glasses and our other hardware devices.” The minimum award for finding a bug is $500, and the amounts increase depending on the device and the potential impact of the bug discovered. The largest payout listed is $30,000 but could go even higher at the company’s discretion, for bugs that could potentially result in health, safety, or privacy risks.
Meta provided a list of hypothetical bugs and what the payouts could look like:
An issue that would allow a malicious third-party application to inject content that’s then consumed by a first-party application, such as pictures to a slideshow or audio to a call, would receive a ~$1,000 payout under “Issues caused by potentially malicious third-party apps.”
A third-party app gaining microphone access without requesting it on a Quest device would receive a $5,000 payout under “Unauthorized mic access by third-party app.”
A third-party application on Quest that is able to crash or disable Guardian would receive a $3,000 payout under “DoS.”
Remote code execution via a buffer overflow in the Quest voice chat library, getting execution in a privileged first-party application, would receive a $16,000 payout.
The company first established its bug bounty program in 2011 and says it’s been instrumental in helping it find and fix bugs, with nearly $2 million in awards paid to security researchers last year alone, according to a blog post from company security engineering manager Dan Gurfinkel.
The complete list of payouts and guidelines can be found here.