HackRead

Exploit Flash Heap Isolation for a chance to “win” $100,000

January 7th, 2016 Ali Raza Cyber Events, Security 0 comments

If you can exploit Adobe’s Heap Isolation mitigation in Flash Player version 18.0.0209 – a mechanism deployed to address Use-After-Free (UAF) vulnerabilities – you’re in for a sweet treat: Zerodium will, in fact, pay you good money.

The startup, founded by Vupen, Chaouki Bekrar’s French-based exploit broker, is committed to buying and selling zero-day vulnerabilities, that is, undisclosed vulnerabilities latently waiting to be exploited. It recently disbursed a $1 million bounty to a hacker who submitted an untethered exploit (browser-based iOS 9.1/9.2b).

The aforementioned Isolated Heap mitigation technique is tailored to counter Use-After-Free vulnerabilities – memory corruption flaws that allow arbitrary code execution, even remotely. What the mitigation technique does is provide an isolated heap – which is, as the name suggests, kept separate from the other heaps a user can directly access – that prevents precise control of the data, thus undercutting hackers’ chances of corrupting memory.
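A toy model of the heap separation described above, added here as an illustration; it is not Adobe's implementation and not code from the article. The slot allocator, the heap names and the function `stale_slot_aliases_user_data` are all hypothetical. It shows why a freed object's slot can be refilled with user data on a shared heap but not when the object lives on its own heap:

```c
#include <stdio.h>
#define SLOTS 8

/* Toy fixed-size-slot heap with a LIFO free list (constructed model). */
typedef struct {
    int free_list[SLOTS];
    int free_top;                 /* number of entries on the free list */
} heap_t;

typedef struct { heap_t *heap; int slot; } chunk_t;

static void heap_init(heap_t *h) {
    h->free_top = 0;
    for (int i = SLOTS - 1; i >= 0; i--)
        h->free_list[h->free_top++] = i;   /* slot 0 is handed out first */
}

static chunk_t heap_alloc(heap_t *h) {
    chunk_t c = { h, -1 };
    if (h->free_top > 0)
        c.slot = h->free_list[--h->free_top];
    return c;
}

static void heap_free(chunk_t c) {
    if (c.slot >= 0 && c.heap->free_top < SLOTS)
        c.heap->free_list[c.heap->free_top++] = c.slot;
}

/* Returns 1 if a user-data allocation made right after an internal object
 * is freed lands in that object's old slot, meaning a stale reference to
 * the object would now alias user-controlled bytes; 0 otherwise. */
int stale_slot_aliases_user_data(int isolated) {
    heap_t general, internal;
    heap_init(&general);
    heap_init(&internal);
    heap_t *obj_heap = isolated ? &internal : &general;
    chunk_t obj = heap_alloc(obj_heap);    /* internal object */
    chunk_t stale = obj;                   /* reference kept by buggy code */
    heap_free(obj);
    chunk_t user = heap_alloc(&general);   /* user-controlled buffer */
    return user.heap == stale.heap && user.slot == stale.slot;
}

int main(void) {
    printf("shared heap:   aliases=%d\n", stale_slot_aliases_user_data(0));
    printf("isolated heap: aliases=%d\n", stale_slot_aliases_user_data(1));
    return 0;
}
```

In this model isolation does not remove the stale reference; it only ensures that the memory behind it is never handed out for user-controlled data.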

Today Zerodium tweeted the “terms and conditions” together with the prizes on offer: $100,000, available only this month, for an exploit that can bypass Flash’s Heap Isolation with a sandbox escape, or $65,000 for the same task without a sandbox escape.


Adobe added isolated heap to Flash. This month we pay $100K (with sandbox) and $65K (without sandbox) per #exploit bypassing this mitigation

— Zerodium (@Zerodium) January 5, 2016

Easier said than done? Might be the other way round for all those who thrive in the IT environment and are equally eager and thrilled to get their hands dirty right away. Hope they will appreciate the thrill of it better than the money, for Zerodium will re-sell their non-patentable discoveries for higher amounts.

For all those who will stay out of the “hacker games” and want to eliminate zero-day exploits, it’s advisable to disable or uninstall Adobe Flash Player altogether. Stay safe. At least, try to.

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master's degree and actively writes about cybersecurity, cryptocurrencies, and technology in general. Raza is also the co-founder of SpyAdvice.com, a site dedicated to educating people on online privacy and spying.

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.