Samsung Announces $1 Million Rewards for Arbitrary Code Execution Vulnerabilities
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Samsung has significantly increased its bug bounty program as part of its ongoing efforts to enhance mobile security.
The tech giant is now offering rewards of up to $1 million for researchers who can demonstrate critical vulnerabilities in its mobile devices, particularly those related to arbitrary code execution on highly privileged targets.
This new initiative, part of Samsung’s Important Scenario Vulnerability Program (ISVP), focuses on vulnerabilities that could significantly impact their products. The program specifically targets the following critical scenarios:
The highest reward of $1 million is reserved for remote arbitrary code execution vulnerabilities targeting Knox Vault, Samsung’s secure environment for storing sensitive data. Other notable rewards include:
To qualify for these top-tier rewards, researchers must meet several criteria:
Samsung’s increased bounties reflect mobile security’s growing importance in an era of increasingly sophisticatedcyber threats. Samsung encourages security researchers to find and report critical vulnerabilities, aiming to prevent potential attacks and protect users’ data.
This move aligns with Samsung’s long-standing commitment to mobile security. The company has been running its Mobile Security Rewards Program since 2016, continuously updating it to cover new devices and services.
The program now encompasses 38 Samsung mobile devices that receive monthly and quarterly security updates and various Samsung Mobile Services like Bixby, Samsung Account, Samsung Pay, and Samsung Pass.
#Cyber_Security_News #Vulnerability #bug_bounty #cyber_security_news #vulnerability
Оригинальная версия на сайте:
Samsung Announces $1 Million Rewards for Arbitrary Code Execution Vulnerabilities
Author: Guru BaranSamsung has significantly increased its bug bounty program as part of its ongoing efforts to enhance mobile security.
The tech giant is now offering rewards of up to $1 million for researchers who can demonstrate critical vulnerabilities in its mobile devices, particularly those related to arbitrary code execution on highly privileged targets.
This new initiative, part of Samsung’s Important Scenario Vulnerability Program (ISVP), focuses on vulnerabilities that could significantly impact their products. The program specifically targets the following critical scenarios:
- Arbitrary code execution on privileged targets.
- Device unlocking and full user data extraction.
- Arbitrary application installation.
- Bypass of device protection solutions.
The highest reward of $1 million is reserved for remote arbitrary code execution vulnerabilities targeting Knox Vault, Samsung’s secure environment for storing sensitive data. Other notable rewards include:
- Up to $400,000 for remote code execution on TEEGRIS OS.
- Up to $300,000 for remote code execution on Rich OS.
- Up to $400,000 for device unlock and full user data extraction before first unlock.
To qualify for these top-tier rewards, researchers must meet several criteria:
- The report must fully satisfy the Good Report Bonus requirements.
- Include a buildable exploit demonstrating a successful attack on one or more Important Scenarios.
- The exploit must work consistently on the latest security update of the latest flagship devices (Galaxy S and Z series).
- The exploit should be executable without privileges.
Samsung’s increased bounties reflect mobile security’s growing importance in an era of increasingly sophisticatedcyber threats. Samsung encourages security researchers to find and report critical vulnerabilities, aiming to prevent potential attacks and protect users’ data.
This move aligns with Samsung’s long-standing commitment to mobile security. The company has been running its Mobile Security Rewards Program since 2016, continuously updating it to cover new devices and services.
The program now encompasses 38 Samsung mobile devices that receive monthly and quarterly security updates and various Samsung Mobile Services like Bixby, Samsung Account, Samsung Pay, and Samsung Pass.
#Cyber_Security_News #Vulnerability #bug_bounty #cyber_security_news #vulnerability
Оригинальная версия на сайте:
