Security & Privacy + Software & Apps

More on “Clickjacking” – batten down the Flash hatches

Posted on October 8th, 2008 by

We recently reported on “clickjacking”, a way to add invisible buttons to web pages, that overlay real buttons, and when you click them, something unexpected happens. Clickjacking has suddenly become a serious security issue, especially with Adobe issuing a security advisory about possible clickjacking in its Flash software. This vulnerability allows malicious users to hijack your microphone or camera, because Flash software allows access to these devices. You can make changes to the privacy settings on the Adobe Flash Player Settings Manager; interestingly, this software is not on your computer, but you access it by loading a web page which contains a Flash “animation” that changes settings on your computer.

In more clickjacking news, Securosis gives an overview of what clickjacking is and how it works. Their one-sentence explanation is especially clear: “Clickjacking allows someone to place an invisible link/button below your mouse as you browse a regular page.” The post then goes on to give more technical details and examples. You won’t be tested on this, but it’s good to be familiar with what this term covers.

See also Intego’s other articles about clickjacking.

Comments are closed.