LinkedIn shuts clickjacking flaw

By

Users could be tricked into deleting contacts.

LinkedIn has closed a clickjacking flaw in the remove connections feature of its website.

LinkedIn shuts clickjacking flaw

It took the company nearly four months to close the vulnerability after it was reported by Indian security consultant Jovyn Lobo.

The flaw could allow attackers to trick users into deleting their LinkedIn contacts, Lobo said.

"This may potentially trick a genuine user into clicking on something different to what the user perceives they are clicking on, thus potentially deleting some existing connections in their profile while clicking on seemingly innocuous web pages," he said.

"An attacker could perform a UI redress attack against this vulnerability by designing innocuous seeming web pages and trick a logged in user to remove some of his/her existing connections."

He posted a proof of concept video to demonstrate the attack.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Victoria's first government tech chief steps down

Victoria's first government tech chief steps down

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?