Latest News

ACMA secures pledges from major online retailers to block "dodgy" mobile sales

Vic energy department seeks CIO

Defence gives $84m IT support contract to Unisys

NBN Co puts a longer predictive lens on its digital twin ambitions

Cochlear pilots voice-to-text Salesforce integration for lead management

LinkedIn shuts clickjacking flaw

By SC Australia Staff

Jan 18 2013 2:24PM

Users could be tricked into deleting contacts.

LinkedIn has closed a clickjacking flaw in the remove connections feature of its website.

LinkedIn shuts clickjacking flaw

It took the company nearly four months to close the vulnerability after it was reported by Indian security consultant Jovyn Lobo.

The flaw could allow attackers to trick users into deleting their LinkedIn contacts, Lobo said.

"This may potentially trick a genuine user into clicking on something different to what the user perceives they are clicking on, thus potentially deleting some existing connections in their profile while clicking on seemingly innocuous web pages," he said.

"An attacker could perform a UI redress attack against this vulnerability by designing innocuous seeming web pages and trick a logged in user to remove some of his/her existing connections."

He posted a proof of concept video to demonstrate the attack.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

clickjacking exploits linkedin security vulnerabilities

Partner Content

Private 5G powers data-driven mining

Partner Content Private 5G powers data-driven mining

How small audio upgrades can enhance your hybrid work and improve business ROI

Partner Content How small audio upgrades can enhance your hybrid work and improve business ROI

Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Partner Content Suntory Oceania’s $30 million IT transformation powers carbon-neutral multi beverage facility

Machine identity a key priority for organisations’ security strategies: CyberArk

Partner Content Machine identity a key priority for organisations’ security strategies: CyberArk

Sponsored Whitepapers

The cloud tipping point

The cloud tipping point

How AI will deliver real business value

How AI will deliver real business value

The multicloud imperative

The multicloud imperative

Your multicloud advantage

Your multicloud advantage

The business value of Oracle Autonomous Database

The business value of Oracle Autonomous Database

Events

iTnews Executive Retreat - Security Leaders Edition

Most Read Articles

WA man jailed for at least five years for evil twin attack

WA man jailed for at least five years for evil twin attack

Services Australia may get powers to rein in data breach exposure

Services Australia may get powers to rein in data breach exposure

ASX outage caused by security software upgrade

ASX outage caused by security software upgrade

Home Affairs to unleash AI on sensitive government data

Home Affairs to unleash AI on sensitive government data

Sydney-based AI-cloud waste startup raises $3m

Sydney-based AI-cloud waste startup raises $3m

Brennan uses NiCE to modernise its contact centre

Brennan uses NiCE to modernise its contact centre

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Impact Awards: Tecala slashes customer response times for fintech IQumulate

Interactive introduces private cloud platform

Interactive introduces private cloud platform

Digital61 expands cybersecurity portfolio

Digital61 expands cybersecurity portfolio

Most popular tech stories