Zerodium offers $100K bounty to crack new Flash security feature
Zerodium wants to bypass Adobe's heap isolation security feature in Flash.
The security exploit acquisition firm Zerodium announced a $100,000 bounty to anyone capable of bypassing Adobe Flash Player's heap isolation mitigation protocol.
Heap isolation, also called isolated heap, is a newly developed method of mitigating “user after free” vulnerabilities and one of the latest attempts by Adobe to shore up the defenses of its much maligned Flash Player.
The bounty offer, which was announced on Twitter, is good for one month.
Adobe added isolated heap to Flash. This month we pay $100K (with sandbox) and $65K (without sandbox) per #exploit bypassing this mitigation— Zerodium (@Zerodium) January 5, 2016
Previously, Zerodium offered a $1 million bounty to any individual or team who could create an “exclusive, browser-based, and untethered jailbreak for the latest Apple iOS 9 operating system and devices.” The company did report that the bounty was paid out, but gave no other details.
Zerodium acquires and analyzes the information provided by outside researchers and then offers measures and security recommendations to its clients.