InShortViral: A week after Adobe's last update, Flash Player version 184.108.40.2060, the commercial exploit market has taken a new interest in ways to bypass these security updates, to the tune of $100,000.
Vulnerability trading platform Zerodium recently announced on Twitter that it is willing to pay 10 million dollars to anyone who breaks the "heap isolation" feature in the latest version of Flash. This memory defense mechanism makes certain types of security vulnerabilities more difficult to exploit, which also means that methods hackers have used in recent years to inject malware through Flash are no longer useful.
Adobe developed this new feature jointly with the Google Project Zero vulnerability research team in early 2015. The Project Zero team also reported that a third of the Flash Player vulnerabilities had been fixed in 2015.
Zerodium Announces $10 Million Bounty for Cracking the Latest Version of Flash
Adobe's chief scientist Shantanu Narayen published a blog post on December 21 last year saying that Google Project Zero had developed the heap isolation feature for vectors and that Adobe had extended this means of protection to the ByteArray class. "Last week, Adobe rewrote the memory manager to expand the scope of application of the heap isolation feature."
This month, Zerodium is offering a $100,000 reward for a method that bypasses both the heap isolation feature and the sandbox mechanism. A method that defeats heap isolation but cannot bypass the sandbox earns $65,000.
Chaouki Bekrar established Zerodium last year. He is also the founder of the now-dissolved French vulnerability research firm Vupen Security, a company well known for developing exploits for vulnerabilities and selling them to governments. Zerodium's goals are similar to Vupen's, but instead of creating its own exploits, it acquires them from third-party vulnerability researchers.
Zerodium's requirements for vulnerabilities are very demanding: they must be high-risk, reliably exploitable, affect modern operating systems, software, and devices, and must not have been reported to the affected vendor. Zerodium claims to provide customers who subscribe to its security vulnerability research service with the necessary information, plus protective measures and security recommendations. These customers include "major enterprises in defense, technology, and finance in need of zero-day vulnerability protection, and governmental organizations in need of specific and customized security capabilities."
The high payouts offered by Zerodium and other vulnerability acquisition platforms are difficult for security researchers to refuse, which draws them away from reporting vulnerabilities to the affected vendors. This delays software updates and leaves users in an insecure state for longer. In terms of bounties, few vendors are able to match the level offered by vulnerability acquisition platforms.
In September, Zerodium offered one million dollars for a browser-based exploit able to compromise iOS 9. In November, the platform said in a statement that a group had claimed the reward.