Everything you need to know about the massive AT&T outage



pgp encryption android :: Article Creator

Google Now Pays Up To $450,000 For RCE Bugs In Some Android Apps

Google

Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports.

The company made these changes to the Mobile Vulnerability Rewards Program (Mobile VRP) and they apply to what it describes as Tier 1 applications.

The list of in-scope apps includes Google Play Services, the Android Google Search app (AGSA), Google Cloud, and Gmail.

Google now also wants security researchers to focus on flaws that could lead to sensitive data theft and will now pay them $75,000 for exploits that don't require user interaction and can be used remotely.

For exceptional quality reports that include a proposed patch or effective mitigation and a root cause analysis to help find other issue variants, the company will pay 1.5x the total reward amount, allowing researchers to earn up to $450,000 for an RCE exploit in a Tier 1 Android app.

However, they'll get half the reward for low-quality bug reports that don't provide:

  • Accurate and detailed descriptions,
  • A proof-of-concept exploit,
  • Easy steps to reproduce the vulnerability reliably,
  • A clear demonstration of the bug's impact.
    • Category Remote/No User Interaction Via link click Via malicious app /with non-default config Attacker on same network Code Execution $300,000 $150,000 $15,000 $9,000 Data Theft $75,000 $37,500 $9,000 $6,000 Other Vulns $24,000 $9,000 $4,500 $2,400

    "Some additional, smaller changes were also made to our rules. For example, the 2x modifier for SDKs is now baked into the regular rewards. This should increase overall rewards, and will make panel decisions easier," Google information security engineer Kristoffer Blasiak said.

    Google introduced the Mobile VRP last May to pay security researchers for vulnerabilities in the company's Android applications.

    The bug bounty program's main goal was to speed up the process of discovering and fixing security weaknesses in first-party Android apps maintained or developed by Google.

    "The Mobile VRP launched in May 2023, and after one year, it's time to take a look back at what we've achieved," Blasiak added.

    "Most importantly, we received over 40 valid security bug reports, nearing $100,000 in rewards paid to security researchers."





    -

    Comments

    Post a Comment

    Popular Posts

    Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

    Image
    Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET Posted: 19 Feb 2021 04:00 AM PST Brent Lewin/Bloomberg/Getty Images If your choice of encrypted messaging app is a toss-up between Signal , Telegram and WhatsApp , do not waste your time with anything but Signal. This isn't about which has cuter features, more bells and whistles or is most convenient to use -- this is about pure privacy . If that's what you're after, nothing beats Signal. By now you probably already know what happened. On Jan. 7, in a tweet heard 'round the world, tech mogul Elon Musk continued his feud with Facebook by advocating people drop its WhatsApp messenger and use Signal instead. Twitter CEO Jack Dorsey retweeted his call. Around the same time, right-wing social network Parler went dark following the Capito
    Read more

    WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore

    WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore WhatsApp beta update seeks to remind everyone why encryption is so vital - iMore 5 features your next cloud storage provider needs to offer - TechRadar This Week In Security: Pacman, Hetzbleed, And The Death Of Internet Explorer - Hackaday Anonymity Online Is In - The Atlantic What is a Cyberattack? Types and Defenses - eSecurity Planet Best Private Instagram
    Read more

    VPN browser extensions: Why you shouldn't use then - Tech Advisor

    VPN browser extensions: Why you shouldn't use then - Tech Advisor VPN browser extensions: Why you shouldn't use then - Tech Advisor Google Fi calls between Android subscribers will soon be end-to-end encrypted - 9to5Google How to encrypt your computer (and why you should) - Mashable How to encrypt and decrypt a folder on Android with SSE Universal Encryption - TechRepublic 4 ways to send encrypted messages on Android - TechRepublic WhatsApp “end-to-end encrypted” messages aren’t that private after all - Ars Technica ciphertext feedback (CFB) - TechTarget What Is the Windows Encrypting File System (EFS) and How Do You Enable or Disable It? - MUO - MakeUseOf Encrypting your online life is important - Telangana Today Keeper Password Manager Review – Forbes Advisor - Forbes [Update: Screenshot] Google Messages preparing end-to-end encryption for RCS messages - 9to5Google The iOS 15 priva
    Read more