Meta paid over $4 million through its bug bounty program in 2025, bringing its total payouts to more than $25 million since inception. The company highlighted significant reports related to Unity vulnerabilities in Quest VR headsets and WhatsApp account enumeration, demonstrating its focus on securing its platform and messaging services. #UnityVulnerability #WhatsAppResearch
Keypoints
- Meta awarded over $4 million in bug bounties in 2025, totaling more than $25 million since the program began.
- The company received approximately 13,000 vulnerability reports this year, with 800 rewarded disclosures.
- One highlighted vulnerability involved a Unity bug in Quest VR headsets that could allow malicious app manipulation.
- Researchers from the University of Vienna identified a method for large-scale WhatsApp account enumeration.
- Meta is developing a new tool, WhatsApp Research Proxy, to facilitate security research on its messaging platform.
Read More: https://www.securityweek.com/meta-paid-out-4-million-via-bug-bounty-program-in-2025/