Meta, earlier Facebook, stated today that it will expand its bug reward programme to include vulnerabilities that can be used to circumvent integrity checks.
According to the firm, the programme extension is intended to focus researchers’ attention on security flaws that attackers may use to circumvent specific integrity checks designed to prevent abusive behaviours. These checks may include requiring two-factor authentication for specific business manager accounts, verifying applications through Facebook’s own process, or enforcing feature restriction policies.
Researchers who identify endpoints that are capable of performing sensitive operations without eliciting a Business Manager two-factor authentication (2FA) prompt may be compensated up to $2,000 for their findings.
Read More: https://www.securityweek.com/meta-offers-rewards-flaws-allowing-attackers-bypass-integrity-checks