Exploit broker places $100k bounty on bypassing Flash Player’s latest defenses
A little over two weeks have passed since Adobe strengthened Flash Player with new security defenses, and there’s already interest in the commercial exploit market for ways around them.
Zerodium, a company that buys unpatched and unreported exploits from third-party researchers, announced on Twitter that it is offering $100,000 for exploits that bypass Flash Player’s latest “heap isolation” protection. This memory defense mechanism makes exploiting certain types of security flaws much harder. These account for a large portion of the Flash Player flaws exploited by hackers in recent years to infect computers with malware.