A couple of weeks ago details of a new browser vulnerability dubbed clickjacking were revealed, causing panic among users as well as browser developers. Victims of this security flaw could unwittingly give out personal information to a hacker, download malware to their hard drive, or even surrender control of their entire operating system.
Researchers Robert Hansen and Jeremiah Grossman, responsible for discovering clickjacking, initially refused to release in-depth details for fear of them being exploited in the field. They chose instead to work with several browser vendors as well as Adobe, whose Flash application was part of the problem. However, due to what they're calling someone else's "careless disclosure", the duo chose yesterday to elaborate a bit on how clickjacking actually works.
It turns out that there are several different issues at hand, each requiring its own type of resolution. Pretty scary stuff. The bright side here is that some of the issues have already been resolved internally by Adobe, and those fixes will be released as part of the next update to Flash 10. Also, newer versions of the Firefox add-on NoScript include "ClearClick protection", which addresses cross-domain clickjacking. If you already have NoScript installed, it is imperative that you update to the latest version.