
Published on January 6th, 2016

Zerodium offers $100,000 to hackers to breach Flash’s new security feature

Zerodium puts up a $100,000 bug bounty for Flash Zero-Day Exploit

Zerodium, the company that deals in exploits and zero-days, has put up a fresh $100,000 bug bounty for zero-days in the new Flash security feature. Zerodium buys zero-day bugs from security researchers and then resells them to government intelligence agencies. It has already been in the news for offering a $1 million bug bounty to a security researcher for a zero-day bug in Apple’s newly released iOS 9 mobile operating system.


Zerodium is offering $100,000 / €93,000 to the first security researcher or hacker who finds a zero-day bug capable of bypassing Flash’s new isolated heap protection. Adobe had deployed Heap Isolation in Flash version 18.0.0.209 a few months back, with the aim of making Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit.

Heap Isolation was announced by Adobe in December and is Adobe’s latest weapon against cybercriminals and hackers. Isolated heap protection is a modern security technique that separates data inside the computer’s memory. Adobe worked with Google’s Project Zero developers to develop this feature, and it was implemented in Flash Player version 18.0.0.209.

“This change will limit the ability for attackers to effectively leverage use-after-free vulnerabilities for exploitation,” said Adobe in December.


The heap isolation technique has been difficult to crack, as seen from the bounty offered by Zerodium. According to a price list published by Zerodium, the maximum payout for Flash zero-days is $80,000. So the $20,000 increment in this latest bug bounty is a certificate of sorts for the heap isolation technique.

Adobe, which was a major victim of the Hacking Team data breach in June 2015, has taken steps to secure its ever-flawed Flash Player.
