BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Meta Launches WhatsApp Research Proxy to Boost Bug Bounty Program

  • Meta has introduced the WhatsApp Research Proxy tool to aid bug bounty researchers in analyzing WhatsApp’s network protocol.
  • The company awarded over $25 million in bug bounties in 15 years, including $4 million this year for nearly 800 valid reports.
  • A WhatsApp security flaw allowed mass enumeration of 3.5 billion phone numbers using the contact discovery feature, now mitigated by added anti-scraping protections.
  • Additional vulnerabilities include an incomplete validation bug in WhatsApp and a code execution flaw in Unity apps on Quest devices.
  • Researchers earlier demonstrated how WhatsApp delivery receipts could be exploited for privacy breaches and resource exhaustion attacks.

In November 2025, Meta rolled out the WhatsApp Research Proxy tool to selected bug bounty researchers to enhance the study of WhatsApp’s network protocol. This initiative supports in-depth analysis of the messaging platform, which remains a target for state-sponsored and commercial spyware threats. The company also launched a pilot program inviting research teams to focus on combating platform abuse with internal engineering support, aiming to encourage broader academic participation in bug bounty efforts, as stated here.

- Advertisement -

Over the past 15 years, Meta has distributed more than $25 million in bug bounty rewards to upwards of 1,400 researchers from 88 countries. In 2025 alone, the company paid over $4 million for nearly 800 confirmed security reports out of approximately 13,000 submissions. Noteworthy bugs addressed include an incomplete validation flaw in WhatsApp versions prior to v2.25.23.73 on iOS and Mac, which could have allowed users to trigger content processing from arbitrary URLs on other devices. There is no indication this issue was exploited in the wild.

Another critical fix involved a vulnerability, tracked as CVE-2025-59489 and detailed here, affecting Unity applications on Quest devices that could permit malicious apps to achieve arbitrary code execution. This flaw was reported by RyotaK of Flatt Security.

Meta additionally fortified WhatsApp against an attack reported here that exploited the contact discovery feature to scrape user data, compiling a database of all 3.5 billion active WhatsApp users worldwide. The method bypassed rate-limiting defenses, enabling enumeration of phone numbers and gathering publicly accessible information such as profile images, About sections, and update timestamps. Researchers found millions of number registrations in countries where WhatsApp is officially banned, including China and Myanmar.

According to Gabriel Gegenhuber, lead author of this study from the University of Vienna, “Normally, a system shouldn’t respond to such a high number of requests in such a short time – particularly when originating from a single source.” This vulnerability permitted unlimited server requests to map user data globally.

- Advertisement -

Earlier research by Gegenhuber and colleagues, documented here, revealed that WhatsApp delivery receipts could be exploited to extract private user activity details without consent. They demonstrated that crafted messages might trigger these receipts to track device usage, infer schedules, or launch attacks that drain battery or data without alerting the user.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

ChartUp Solana Volume Bot: An All-in-One Toolkit Review

Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services....

ChartUp Solana Volume Booster: Random Trade Size Tests

A private Solana test becomes less informative when every swap repeats the same value....

WordPress core hit by zero-click RCE bug, patch now live

WordPress patched a pre-authentication remote code execution flaw in versions 6.9.5 and 7.0.2 on...

ECB: Stablecoin growth puts European bank deposits at risk

ECB board member Piero Cipollone warned Friday that stablecoin growth could strip European banks...

Tesla Launches Megacharger Network with Bloomington Station

Tesla opened a new public Megacharger station in Bloomington, California, calling it the start...

Must Read

Top 10 Best Blockchain Games

If you want to know about the best blockchain games then read this article carefully. We listed the best games you can play and...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading