• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 26th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Cyber Events

Exploit Flash Heap Isolation for a chance to “win” $100,000

January 7th, 2016 Ali Raza Cyber Events, Security 0 comments
Exploit Flash Heap Isolation for a chance to “win” $100,000
Share on FacebookShare on Twitter

Exploit Flash Heap Isolation for a chance to “win” $100,000

If you can exploit Adobe’s Heap Isolation mitigation in Flash player version 18.0.0209 – a mechanism deployed to patch the User-After-Free (UAF) vulnerabilities – you’re in for a sweet treat: Zerodium will, in fact, pay you good money.

The startup, founded by Vupen, Chaouki Bekrar’s French-based exploit broker, is committed to buying and sell zero-day vulnerabilities, that are all those undisclosed vulnerabilities latently waiting to be exploited. It recently disbursed $1 Million bounty to a hacker who submitted an untethered exploit (browser-based iOS 9.1/9.2b).

The aforementioned Isolated Heap Mitigation technique is tailored to solve User-After-Free vulnerabilities – memory corruption flaws that allow arbitrary code executions, even remotely. What the Mitigation techniques does is provide an isolated heap – which is, as the name suggests, kept separate from other helps a user can directly access – that prevents precise control of the data, thus eluding the chances for hackers to corrupt memory.

Today Zerodium tweeted “terms and conditions” together with the respective prize that could be won when winning the challenge: $100,000 only available this month for an exploit that can bypass Flash’s Heap Isolation with a sandbox escape, or $65.000 for the same task only this time without a sandbox escape.

[fullsquaread][/fullsquaread]


Adobe added isolated heap to Flash. This month we pay $100K (with sandbox) and $65K (without sandbox) per #exploit bypassing this mitigation

— Zerodium (@Zerodium) January 5, 2016

Easier said than done? Might be the other way round for all those who thrive in the IT environment and are equally eager and thrilled to get their hands dirty right away. Hope they will appreciate the thrill of it better than the money, for Zerodium will re-sell their non-patentable discoveries for higher amounts.

For all those who will stay out of the “hacker games” and want to eliminate zero-day exploits, it’s advisable to disable or uninstall Adobe Flesh Player altogether. Stay safe. At least, try to.

  • Tags
  • Adobe
  • Bug Bounty
  • Exploits
  • Flash
  • security
  • Vulnerability
  • Zerodium
Facebook Twitter LinkedIn Pinterest
Previous article Google fixes vulnerabilities in Android where rooting is a double-edge sword
Next article Windows 10 usage stats show user privacy is a very real concern
Ali Raza

Ali Raza

Ali Raza is a freelance journalist with extensive experience in marketing and management. His work has been featured in many major crypto and tech websites including Hacked, Hackread, ValueWalk, Cryptoslate, CCN, and Globlecoinreport to name a few. Raza is the co-founder of 5Gist.com, too, a site dedicated to educating people on 5G technology.

Related Posts
SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Man jailed after attempting to buy 3-year-old girl on dark web
Cyber Crime

Man jailed after attempting to buy 3-year-old girl on dark web

81
SonicWall hacked after 0-day flaws exploited by hackers
Hacking News

SonicWall hacked after 0-day flaws exploited by hackers

117
Massive privacy risk as hacker sold 2 million MyFreeCams user records
Cyber Crime

Massive privacy risk as hacker sold 2 million MyFreeCams user records

156

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us