Thursday, 7 January 2016

#Hacking: Exploit Flash Heap Isolation for a chance to “win” $100,000


If you can exploit Adobe’s Heap Isolation mitigation in Flash Player version 18.0.0209 – a mechanism deployed to patch the Use-After-Free (UAF) vulnerabilities – you’re in for a sweet treat: Zerodium will, in fact, pay you good money.
The startup, founded by Vupen, Chaouki Bekrar’s French-based exploit broker, is committed to buying and selling zero-day vulnerabilities, that is, undisclosed vulnerabilities latently waiting to be exploited. It recently disbursed a $1 million bounty to a hacker who submitted an untethered exploit (browser-based iOS 9.1/9.2b).
The aforementioned Isolated Heap mitigation technique is tailored to address Use-After-Free vulnerabilities – memory corruption flaws that allow arbitrary code execution, even remotely. What the mitigation technique does is provide an isolated heap – which is, as the name suggests, kept separate from the other heaps a user can directly access – that prevents precise control of the data, thus reducing the chances for hackers to corrupt memory.
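To make the idea concrete, here is a toy model added for illustration; it is not Adobe's implementation and not code from the original post. The two allocation classes, the slot size and all function names are assumptions. It shows that with one shared LIFO free list a freed object's slot is handed to the next data allocation, while with one pool per class it is not.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy model (assumption): two allocation classes and fixed 64-byte slots. */
enum kind { KIND_OBJECT = 0, KIND_DATA = 1 };
#define SLOTS 8
#define SLOT_SIZE 64

struct pool {
    unsigned char mem[SLOTS][SLOT_SIZE];
    int free_stack[SLOTS];   /* LIFO free list: last freed slot is reused first */
    int top;
};
struct heap { struct pool pools[2]; int isolated; };

static void pool_init(struct pool *p) {
    p->top = 0;
    for (int i = SLOTS - 1; i >= 0; i--) p->free_stack[p->top++] = i;
}

/* Shared heap: every class uses pool 0. Isolated heap: one pool per class. */
static struct pool *pick(struct heap *h, enum kind k) {
    return &h->pools[h->isolated ? (int)k : 0];
}
static void *heap_alloc(struct heap *h, enum kind k) {
    struct pool *p = pick(h, k);
    return p->top ? p->mem[p->free_stack[--p->top]] : NULL;
}
static void heap_free(struct heap *h, enum kind k, void *ptr) {
    struct pool *p = pick(h, k);
    p->free_stack[p->top++] = (int)((unsigned char (*)[SLOT_SIZE])ptr - p->mem);
}

/* Returns 1 when a data buffer allocated after an object is freed
   receives the object's old slot, i.e. a stale pointer would alias it. */
int stale_slot_reused_by_data(int isolated) {
    static struct heap h;
    h.isolated = isolated;
    pool_init(&h.pools[0]);
    pool_init(&h.pools[1]);
    void *obj = heap_alloc(&h, KIND_OBJECT);
    heap_free(&h, KIND_OBJECT, obj);
    void *buf = heap_alloc(&h, KIND_DATA);
    return buf == obj;
}

int main(void) {
    printf("shared heap:   reused=%d\n", stale_slot_reused_by_data(0));
    printf("isolated heap: reused=%d\n", stale_slot_reused_by_data(1));
    return 0;
}
```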
Today Zerodium tweeted the “terms and conditions” together with the prize on offer for the challenge: $100,000, available this month only, for an exploit that can bypass Flash’s Heap Isolation with a sandbox escape, or $65,000 for the same task without a sandbox escape.

Easier said than done? It might be the other way round for all those who thrive in the IT environment and are eager and thrilled to get their hands dirty right away. Hope they will appreciate the thrill of it more than the money, for Zerodium will re-sell their non-patentable discoveries for higher amounts.
For all those who will stay out of the “hacker games” and want to eliminate zero-day exploits, it’s advisable to disable or uninstall Adobe Flash Player altogether. Stay safe. At least, try to.
