The latest on the Yahoo breach, Germany’s problem with WhatsApp-Facebook, Facebook’s osquery tool for Windows, and Zerodium’s $1.5M iOS bounty are all discussed.
Well, there’s some good news for Hackers and Bug hunters, though a terrible news for Apple!
Exploit vendor Zerodium has tripled its bug bounty for an Apple’s iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million.
Yes, $1,500,000.00 Reward.
That’s more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program.
Last week, Apple finally announced a bug bounty program for researchers and white hat hackers to find and get paid for reporting details of zero-day vulnerabilities in its software and devices.
The company offers the biggest payout of $200,000, which is 10 times the maximum reward that Google offers and double the highest bounty paid by Microsoft.
But now Apple is going to face competition
A Silverlight vulnerability patched yesterday by Microsoft could be tied to a Russian hacker who tried to sell a similar zero day to the Hacking Team.
Mike Mimoso and Chris Brook discuss the week in news: How the Dutch are opening encryption with open arms, the end of support for IE 8, 9, and 10, and the latest bounty offered up by Zerodium.
Exploit acquisition company Zerodium announced it would pay up to $100,000 for heap isolation mitigation bypasses against Adobe Flash Player.
A well-known company popular for buying and selling zero-day vulnerabilities is now offering up to $100,000 for providing a working zero-day exploit for bypassing the Flash Player’s Heap Isolation mitigation.
Few months back, Adobe deployed Heap Isolation in Flash version 18.0.0209 with an aim at making the Use-After-Free (UAF) vulnerabilities more difficult for cybercriminals to exploit.
Adobe’s announcement that it has retooled—and renamed—Flash is a longterm signal that the vulnerable and fatigued platform is on its last legs.