Meta to cover integrity check evasion flaws in bug bounty program

SecurityWeek reports that Facebook parent firm Meta has expanded its bug bounty program to include rewards for flaws that could be abuse to evade Facebook integrity checks, including two-factor authentication for some business manager accounts, as well as the platform's feature restrictions and application verification processes. Meta will be awarding up to $2,000 to researchers determining endpoints that could be bypassed by Business Manager 2FA prompts, while rewards of up to $20,000 and up to $15,000 could be given to researchers identifying issues enabling the creation of "an arbitrary amount of prepaid balance without using a valid payment method," and the omission of "an arbitrary outstanding balance without a valid payment," respectively, according to Meta. Researchers could also be given up to $20,000 for discovering techniques for ad revenue generation through fake impressions. Meanwhile, up to $10,000 could be awarded to those who could identify novel highly scalable and exploitable attack vectors.