Details of the much talked about Clickjack exploit are now available on Jerermiah Grossman’s blog, RSnakes blog and Adobe’s websiteJeremiah and RSnakewere meant to demonstrate clickjack at a recent conference but decided not to in order to give the vendors time to address the problem.  Given that this exploit can be used to remotely use a victim’s webcam and/or microphone the implications for stalking, industrial espionage or indeed national security highlight that the guys were right in waiting. 

Jeremiah and Rsnake should be commended on how they handled this issue and credit should also go to the Adobe PSIRT for their response to the problem.

About the Author: bhimport

Let’s Talk

Please leave your contact details and a member of our team will be in touch shortly.

Name*