Zerodium Offers $100K for Adobe Flash Heap Isolation Bypasses


January 5, 2016

Despite calls to eliminate Adobe Flash Player, researchers inside and outside the vendor continue to invest in and build mitigations against modern attacks.

As recently as three weeks ago, Adobe announced it had rewritten its memory manager, laying the groundwork for widespread heap isolation, which is an important protection against use-after-free vulnerability exploits.

Today, however, exploit acquisition company Zerodium announced via its Twitter account that it would run a month long bounty program, paying as much as $100,000 for exploit code bypassing the heap isolation mitigation in Flash Player.

Read full story…