1 min read

Adobe has finally released an advisory on the "clickjacking" issue

Răzvan STOICA

October 09, 2008

Adobe has finally released an advisory on the "clickjacking" issue

Clickjacking is not an exploit in the traditional sense, in that the affected technology (DHTML) is used, working as intended, and no software “bugs” are used to trigger it either. The PoC activates the user’s camera and microphone and leeches off them (both are features thoughtfully provided by Adobe Flash, which get activated by the user clicking on a button that looks like one thing but is another entirely).

“Coincidentally”, both events (the advisory release and the PoC release) took place on October 7th, once again underlining the importance and community benefits of pressuring vendors into Doing The Right Thing. Indeed, to the uninitiated it would appear that Adobe took the road more travelled and effectively sat on the patch until it was forced to release it and thus admit to having made a mistake sometime in the past.


Those of you who aren’t following this column (for shame!) will be interested to find out that Adobe had in fact pressured the two researchers who dreamed up “clickjacking” into not publicizing details of the exploit.


On an unrelated note, it’s pretty sad to see that the “clickjacking” concept/meme is gaining traction – it’s just a trick with frames, the likes of which have been known since time immemorial.


tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

How to keep your Android device immune to malicious vaccine themed apps How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read