iTnews
  • Home
  • News
  • Technology
  • Security

Adobe warns of ‘clickjacking’ attacks

By Iain Thomson
Oct 9 2008 3:21PM
Follow google news

Adobe has issued a security alert about its Flash software that makes it vulnerable to being abused by hackers in a practice known as clickjacking.

Adobe warns of ‘clickjacking’ attacks
Clickjacking involves subverting a web page so that when a visitor clicks on a link they are redirected to a site the hackers wants them to see. It is a variant of cross-site scripting attacks but appears to be more serious.

The details of the attack were due to be published at the OWASP NYC AppSec 2008 Conference but the talk was withheld at Adobe’s request until a workaround could be developed. The reportis available online.

“Let’s be clear though, the responsibility of solving clickjacking does not rest solely at the feet of Adobe as there is a ton of moving parts to consider,” said Jeremiah Grossman, co-founder of Whitehat Security and one of the researchers who uncovered the technique.

“Everyone including browser vendors, Adobe (plus other plug-in vendors), website owners (framebusting code) and web users (NoScript) all need their own solutions to assist incase the other don’t do enough or anything at all.”

He warns that almost all browsers are vulnerable because of the way they process graphics and only text-based browsers like Lynx are secure.

Grossman has demonstrated for example how a hacked Flash advert can be used to take over control of a computer’s webcam and microphone, turning it into a surveillance device.

“With Clickjacking attackers can do quite a lot. Some things that could be pretty spooky. Things also performed, with a fair amount of ingenuity, quite easily,” he said.

US-CERT has also issued a warning on the practice and browser manufacturers are scrambling to come up with a method of defeating the attacks.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
adobebrowsersclickjackingsecurity

Related Articles

  • Anthropic pulls Mythos-class models globally Anthropic pulls Mythos-class models globally
  • AudiA6 crypto launderers arrested, network taken down by police AudiA6 crypto launderers arrested, network taken down by police
  • US charges suspected Russian hacker with facilitating cyber campaign US charges suspected Russian hacker with facilitating cyber campaign
  • Gov looks for upstream threat blocking by telcos, cloud operators Gov looks for upstream threat blocking by telcos, cloud operators
Join our WhatsApp Channel

Partner Content

The hidden economics of AI: Why token usage matters more than you think
Partner Content The hidden economics of AI: Why token usage matters more than you think
CommBank creates opportunities for technologists to upskill with frontier AI companies
Partner Content CommBank creates opportunities for technologists to upskill with frontier AI companies
From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Promoted Content From test case to control tower: How DXC and ServiceNow are governing enterprise AI at scale
Agile isn’t the problem: why projects still fail, and what’s missing
Partner Content Agile isn’t the problem: why projects still fail, and what’s missing

Sponsored Whitepapers

Are Australian organisations as cyber-ready as they think?
Are Australian organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?
Are New Zealand organisations as cyber-ready as they think?
From visibility to execution: Fixing the SaaS management gap
From visibility to execution: Fixing the SaaS management gap
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
When cyber risk has no clear owner: A practical guide for senior Australian business leaders
Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • Forrester's AI Forum Sydney Forrester's AI Forum Sydney
  • The 2026 iAwards The 2026 iAwards
  • Security Exhibition & Conference Security Exhibition & Conference
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Anthropic releases Mythos-class model for public use

Anthropic releases Mythos-class model for public use
Apple bumps up security in fresh operating system releases

Apple bumps up security in fresh operating system releases
Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.