A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player's Heap Isolation mitigation.
Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit.
Zerodium is a startup by the infamous French-based company Vupen that Buys and Sells zero-day exploits and vulnerabilities.
Zerodium, which describes itself as "the premium zero-day acquisition platform," recently paid $1 Million bounty to a hacker for submitting a remote browser-based iOS 9.1/9.2b Jailbreak (untethered) Exploit.
What is "Isolated Heap" Mitigation Technique?
The use-after-free vulnerability is a type of memory corruption flaw that can be exploited by Hackers to execute arbitrary code or even allows full remote code execution capabilities.
Isolated Heap mitigation mechanism is designed to solve the usage issue of Use-After-Free (UAF) exploitation.
This Mitigation technique allocates a dedicated heap for selected critical objects to use, which is separate from other heaps that a user can directly access.
Isolated Heap prevents precise control of the data, thus eliminates the hacker's ability to corrupt memory in this way.
Here's The Target to Win $100,000
Today, Zerodium posted a tweet announcing that the company is offering:
$100,000 this month for an exploit that bypasses heap isolation of Flash Player with a sandbox escape.
$65,000 for an exploit that bypasses heap isolation of Flash Player without a sandbox escape.
Now, let’s wait and watch who will win this competition, or I can say that who will be going to sell a new zero-day exploit to the company which is infamous for re-selling them further.
And If you really want to get rid of such nasty zero-day exploits, you are advised to simply disable or completely uninstall Adobe Flash Player immediately. Stay Tuned to our Facebook Page for latest Hacker News stories.
About the Author:
Swati - Hacking News
Swati Khandelwal
Swati Khandelwal is Senior Technical Writer and Security Analyst at The Hacker News. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.
Adobe Flash Player, Flash Exploit, Flash Player Update, Hacking News, Sandbox Bypass, Use-After-Free Vulnerabilities, Vulnerability, Zero-Day Exploit, Zero-Day Vulnerability, Zerodium
-Source: The Hacker News
I think Zero day vulnerabilities can be serious security risks. When searching for an appropriate antivirus solution, look for security software that protects against both known and unknown threats
ReplyDeleteZero-day attack