Clickjacking PoC was released yesterday.
Yesterday a PoC of the Clickjacking exploit was released. Today Adobe released a workaround to fix the Clickjacking vulnerability in Flash. Here is a video of the PoC.
http://www.youtube.com/watch?v=gxyLbpldmuU
Since I shared this with my students last month, I wanted to share the details now that they have been made public. The whole Clickjacking exploit has had a lot of people on edge. I even had a student who thought his site was affected by Clickjacking. He sent me the Flash files and it was actually a CSRF. I will post a summary of what the problem was and how I was able to identify it in a future post.
If you haven’t already, now would be a good time to install the NoScript and Flashblock add-ons in your Firefox browser. Make sure you enable “forbid <IFRAME>” in the NoScript configuration. I would also make sure you keep any cameras and/or microphones disconnected when not in use, to play it safe.
UPDATE: More details from one of the founders of Clickjacking.
