Adobe warns of 'clickjacking' attacks
Adobe has issued a security alert about its Flash software that makes it vulnerable to being abused by hackers in a practice known as clickjacking. Clickjacking involves subverting a web page so that when a visitor clicks on a link they are redirected to a site the hackers wants them to see. It is a variant of cross-site scripting attacks but appears to be more serious.
The details of the attack were due to be published at the OWASP NYC AppSec 2008 Conference but the talk was withheld at Adobe’s request until a workaround could be developed.
“Let’s be clear though, the responsibility of solving clickjacking does not rest solely at the feet of Adobe as there is a ton of moving parts to consider,” said Jeremiah Grossman, co-founder of Whitehat Security and one of the researchers who uncovered the technique.
Refer here to read full details.