Latest News

From advisory to enterprise execution

Composability in the Great Content Collapse

Service NSW charts a path off VMware's container platform

South Korea says it will pursue all options to avoid Samsung strike

Australia Post's future IT estate to rely on 13 "platform ecosystems"

LinkedIn shuts clickjacking flaw

By SC Australia Staff

Jan 18 2013 2:24PM

Users could be tricked into deleting contacts.

LinkedIn has closed a clickjacking flaw in the remove connections feature of its website.

LinkedIn shuts clickjacking flaw

It took the company nearly four months to close the vulnerability after it was reported by Indian security consultant Jovyn Lobo.

The flaw could allow attackers to trick users into deleting their LinkedIn contacts, Lobo said.

"This may potentially trick a genuine user into clicking on something different to what the user perceives they are clicking on, thus potentially deleting some existing connections in their profile while clicking on seemingly innocuous web pages," he said.

"An attacker could perform a UI redress attack against this vulnerability by designing innocuous seeming web pages and trick a logged in user to remove some of his/her existing connections."

He posted a proof of concept video to demonstrate the attack.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

clickjacking exploits linkedin security vulnerabilities

Partner Content

Why Backing Up Your Microsoft 365 Data Is Only Half the Job

Partner Content Why Backing Up Your Microsoft 365 Data Is Only Half the Job

Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment

Promoted Content Onel Consulting Strengthens Its White-Glove Services With Strategic COO Appointment

Intelligence × Trust: the equation that will decide Australia's AI winners

Promoted Content Intelligence × Trust: the equation that will decide Australia's AI winners

Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026

Partner Content Thomas Peer Solutions unveils data cloud platform and executive leadership forum for 2026

Sponsored Whitepapers

The biggest AI opportunities are still ahead

The biggest AI opportunities are still ahead

Beyond RAG basics: Strategies and best practices for implementing RAG

Beyond RAG basics: Strategies and best practices for implementing RAG

AI Workflows vs AI Agents Whitepaper

AI Workflows vs AI Agents Whitepaper

Context Engineering with Hybrid Search for Agentic AI

Context Engineering with Hybrid Search for Agentic AI

Building AI-powered Search Experiences

Building AI-powered Search Experiences

Events

Most Read Articles

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Medibank reveals attack vector and cost of 2022 security breach

Medibank reveals attack vector and cost of 2022 security breach

USB stick opens Windows BitLocker drives in new zero-day

USB stick opens Windows BitLocker drives in new zero-day

Trend Micro's enterprise unit shuts Sydney engineering team

Trend Micro's enterprise unit shuts Sydney engineering team

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories