Adobe has finally released an advisory on the "clickjacking" issue

Adobe has finally released an advisory on the "clickjacking" issue, while a random flash hacker posted on his or her blog a proof of concept which uses this procedure.

Clickjacking is not an exploit in the traditional sense, in that the affected technology (DHTML) is used, working as intended, and no software “bugs” are used to trigger it either. The PoC activates the user’s camera and microphone and leeches off them (both are features thoughtfully provided by Adobe Flash, which get activated by the user clicking on a button that looks like one thing but is another entirely).

“Coincidentally”, both events (the advisory release and the PoC release) took place on October 7th, once again underlining the importance and community benefits of pressuring vendors into Doing The Right Thing. Indeed, to the uninitiated it would appear that Adobe took the road more travelled and effectively sat on the patch until it was forced to release it and thus admit to having made a mistake sometime in the past.

Those of you who aren’t following this column (for shame!) will be interested to find out that Adobe had in fact pressured the two researchers who dreamed up “clickjacking” into not publicizing details of the exploit.

On an unrelated note, it’s pretty sad to see that the “clickjacking” concept/meme is gaining traction – it’s just a trick with frames, the likes of which have been known since time immemorial.

About the author


Razvan Stoica is a journalist turned teacher turned publicist and
technology evangelist. When Bitdefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.

Razvan Stoica started off writing for a science monthly and was the chief
editor of a science fiction magazine for a short while before moving on to
the University of Medicine in Bucharest where he lectured on the English
language. Recruited by Bitdefender in 2004 to add zest to the company's
online presence, he has fulfilled a bevy of roles within the company since.

In his current position, he is primarily responsible for the communications and community-building efforts of the Bitdefender research and technology development arm.