All Major Browsers Vulnerable To Clickjacking

September 29, 2008 – 6:49 AM

Security research sites are buzzing about a new attack description called “clickjacking.” The descriptions are still pretty vague, but they are scary enough that US Cert has weighed in and browser vendors are reported to have patches in the works.

The basic description of the attack is that it allows the attack to trick the user into clicking on something other than what they thought they were clicking on. The two researchers who discovered the technique say that it “…gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable.” This click could be the gateway to many other kinds of exploits on your system.

The researchers pulled a speech they were to give last week on it, as well as proof of concept code that was said to affect every major browser and “an Adobe product” (Flash? Acrobat?)


You must be logged in to post a comment.