Friday, May 26, 2017

Bug in Flash – Researcher gets paid $10k

The Internet Bug Bounty program, a cooperative effort among security experts and companies, recently paid its very first $10,000 bounty for a serious Flash vulnerability. The vulnerability, which Adobe patched in December, had been exploited in spear phishing attacks.

The Bug Bounty system, which started last November, is a program put in place by security researchers and supported by Microsoft and Facebook to reward experts who report bugs properly. Both Microsoft and Facebook also have their own bounty programs that cover their own products.

The Internet Bug Bounty program is designed to cover core Internet technologies, including DNS and SSL, in addition to widely deployed software such as Flash, Java, Google Chrome and Internet Explorer.

The group has been making some smaller payouts; however, this is the first five-figure payout from the group, which is understandable given the impact this vulnerability could have had.

David Rude, an iDefense Labs researcher who was given the bounty, didn’t report the bug directly to the IBB, but to Adobe. He also did not discover it himself; he found attackers using the exploit, but was still paid the full amount.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
