Tuesday, July 28, 10:21

Higher fees from Facebook for vulnerabilities in Hermes

In an announcement on Friday, Facebook said it is increasing the rewards its bug bounty program pays for vulnerabilities found in Hermes and Spark AR.


Hermes is an open-source JavaScript engine that Facebook released a year ago. It is used by the company's React Native applications for Android and by other software, including Spark AR, the augmented reality platform used to build effects for Facebook, Instagram and even the company's smart screens.

Vulnerabilities in Facebook's native code were already covered by the bug bounty program, but the company says it wants to encourage more researchers to look at Hermes and Spark AR, which is why it has added the extra rewards.

For example, a security researcher can earn up to $25,000 for a vulnerability or exploit that achieves remote code execution when a Spark AR effect is run.

"The amount can be adjusted depending on the bug and the exploit. For example, an exploit chain that does not contain an ASLR bypass may result in a slightly lower payout. Similarly, an out-of-bounds write where there is no clear path to RCE would receive a lower payout," Facebook explained.


A vulnerability that lets an attacker read user data can be worth around $15,000. Denial-of-service bugs caused by out-of-bounds errors can earn researchers between $500 and $3,000.

A researcher who also supplies the company with a full proof-of-concept (PoC) exploit earns an additional $15,000, which means a remote code execution vulnerability can bring in a total of $40,000.

Last year alone, Facebook paid out more than $2.2 million through its bug bounty program, and nearly $10 million in total since the program began in 2011.


Absent Mia, https://www.secnews.gr

