LinkedIn shuts clickjacking flaw

By
Follow google news

Users could be tricked into deleting contacts.

LinkedIn has closed a clickjacking flaw in the remove connections feature of its website.

LinkedIn shuts clickjacking flaw

It took the company nearly four months to close the vulnerability after it was reported by Indian security consultant Jovyn Lobo.

The flaw could allow attackers to trick users into deleting their LinkedIn contacts, Lobo said.

"This may potentially trick a genuine user into clicking on something different to what the user perceives they are clicking on, thus potentially deleting some existing connections in their profile while clicking on seemingly innocuous web pages," he said.

"An attacker could perform a UI redress attack against this vulnerability by designing innocuous seeming web pages and trick a logged in user to remove some of his/her existing connections."

He posted a proof of concept video to demonstrate the attack.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Bendigo Bank aims to have Australia's "first agentic SOC"

Bendigo Bank aims to have Australia's "first agentic SOC"

ASD to retire Essential Eight cyber security framework within next two years

ASD to retire Essential Eight cyber security framework within next two years

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

NAB's SecOps rethink focuses on data expert and dev hires

NAB's SecOps rethink focuses on data expert and dev hires

Log In

  |  Forgot your password?