Social media giant increases rewards for critical bugs in Hermes and Spark AR
Spark AR (augmented reality) is the platform used to build quirky and colorful effects within Facebook.
“Given the popularity of AR effects across our products, we’d like to encourage our bug bounty community to look for bugs in Hermes and Spark AR,” a statement reads.
“Native bug submissions have always been eligible under our bug bounty program, and to encourage further research into this area, we’ve decided to increase the payout amounts we award for verified bugs identified in Hermes.”
Bug hunters must provide a valid proof of concept exploit to be eligible for the payout.
Facebook is also offering up to $20,000 for any vulnerability that leaks sensitive information to an attacker.
It comes weeks after a security researcher scored a big pay day for reporting several vulnerabilities that lead to server-side request forgery (SSRF).
The pen tester and application developer, who earned three rewards for two of four discoveries, earned a whopping $30,000.
He discovered an internal blind SSRF in the source code of a publicly accessible endpoint, built using tools from MicroStrategy, that performed custom data collection and content generation.