A week has passed since Adobe released its last update, Flash Player version 22.214.171.1240, and the commercial market for exploits that bypass these security updates has already generated new interest, to the tune of 100,000 dollars.
Vulnerability trading platform Zerodium recently announced on Twitter that it is willing to pay 10 million dollars to anyone who can break the “heap isolation” feature in the latest version of Flash. This memory defense mechanism makes certain types of security vulnerabilities more complex to exploit, which also means that the techniques hackers have used in recent years to inject malware through Flash are no longer helpful.
Adobe developed this new feature in early 2015 jointly with the Google Project Zero vulnerability research team; the Project Zero team also reported that a third of the Flash Player vulnerabilities had been fixed in 2015.
Zerodium Announced Bounty $10 Million On Cracking Latest Version of Flash
Adobe’s chief scientist Shantanu Narayen published a blog post on December 21 last year explaining that Google Project Zero developed heap isolation for vectors and that Adobe extended the protection to the ByteArray class. “After last week, Adobe rewrote the memory manager to expand the application heap isolation characteristics scope.”
This month, Zerodium is offering a $100,000 reward for an exploit that bypasses both the heap isolation feature and the sandbox mechanism. An exploit that cannot escape the sandbox but does defeat the heap isolation mechanism earns $65,000.
Zerodium was established by Chaouki Bekrar, the founder of the now-dissolved French vulnerability research firm Vupen Security, a company well known for producing vulnerability exploits and selling them to governments. Zerodium's goals are similar to Vupen's, but instead of creating its own exploits, it acquires them from third-party vulnerability researchers.
Zerodium's requirements for vulnerabilities are very demanding: they must be high-risk, reliably exploitable, affect modern operating systems, software, and devices, and not have been reported to the affected vendor. Zerodium claims to provide the necessary information to customers who subscribe to its security vulnerability research service, along with protective measures and security recommendations. These customers include “major enterprises in national defense, science and technology, and finance in need of zero-day vulnerability protection, and governmental organizations in need of specific and customized security capabilities.”
Zerodium and other vulnerability acquisition platforms offer security researchers high returns relative to an exploit's complexity, enticing them not to report vulnerabilities to the affected vendors. This delays software updates and leaves users in an insecure state for longer. In terms of bounties, few vendors can match the level offered by vulnerability acquisition platforms.
In September, Zerodium offered one million dollars for a browser-based vulnerability capable of compromising iOS 9. In November, the platform said in a statement that a group had earned the reward.