Bash, smash, trash Flash – earn $100k cash

Hackers can score US$100,000 from exploit arbitrage outfit Zerodium if they bypass Adobe's latest Flash heap isolation defence. Hackers will have to craft an exploit that escapes the sandbox to hit the jackpot, because that's more complex than a non-sandbox break which attracts a $65,000 reward. It comes less than a month …

  1. Mark 85

    Not dead yet, is it?

    What will it take? Nuke from space? Since that won't happen... maybe Adobe should up the ante and offer more if the exploit is reported to them.

    1. Drs. Security

      Re: Not dead yet, is it?

      Thought it was pretty dead as well.

      This has a very nice similarity to the dead parrot sketch IMHO :)

      1. frank ly

        Re: Not dead yet, is it?

        Perhaps someone with humour, imagination and creative writing skills could produce a short sketch for our amusement?

    2. Anonymous Coward

      Re: Not dead yet, is it?

      >maybe Adobe should up the ante and offer more if the exploit is reported to them.

      Maybe they should increase the core development team - there used to be 13 or 14 of them - rumoured to be down to a team of 3 now - 2 or 3 exploits worth.

  2. Ole Juul

    That's nice. Now go away.

    But if you hang around, could you at least solve the problem of "your flash player is out of date" messages, when it isn't?

  3. The Alphabet

    Uninstalling Flash (or not installing to start) is 100% secure and cannot be defeated by Adobe. Can I have the $100k now?

    1. Charles 9

      No, because out there are highly expensive enterprise control systems that MUST be accessed by Flash and nothing else. They're stuck with the hardware so they're stuck with Flash.

      1. The Alphabet

        That's far too sensible :(

    2. MyffyW Silver badge

      Tempted to do an experiment as to how long I can live without Flash and which one of my brood complains first. Might make up for my moral failings with regard to an alcohol-free January, which lasted about an hour.

  4. breakfast Silver badge

    Hey, kids, rock and roll

    This headline scans nicely to "Drive" by REM.

  5. CPU

    Someone call time

    How long is this going to keep being "fixed"? Adobe needs to deep-6 this security sieve, the only people who like Flash (and Reader for that matter) are the hackers.

    1. Charles 9

      Re: Someone call time

      As long as there are systems out there—very expensive systems—that require Flash to operate, and no alternatives exist for it.

  6. amanfromMars 1 Silver badge

    For New AI Orderly World Order, Simply Press to Test :-) .... and Activate ViaRemoteActualisation*

    Uhley said Project Zero was responsible for a third of reported vulnerabilities and labelled the security community "immensely helpful" in identifying holes.

    And they be W3worm holes for zeroday vulnerability exploiters and export/importers ....... Real Live Virtual Portals to Heavenly Blisses with NEUKlearer HyperRadioProActive IT Systems Actualised Services.

    * SMARTR Active Future Team Viewers
