Researchers are beginning to raise an alarm for what looks like a scary new browser exploit\/threat affecting all the major desktop platforms — Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, Opera and Adobe Flash.<\/p>\n
The threat, called Clickjacking, was to be discussed at the OWASP NYC AppSec 2008 Conference but, at the request of Adobe<\/font><\/a> and other affected vendors, the talk was nixed until a comprehensive fix is ready.<\/p>\n The two researchers behind the discovery — Robert Hansen (left) and Jeremiah Grossman — have released droplets<\/font><\/a> of information <\/font><\/a>to highlight the severity of this issue.<\/p>\n So, what exactly is Clickjacking?<\/p>\n According to someone who attended the semi-restricted OWASP presentation, the issue is indeed zero-day<\/font><\/a>, affects all the different browsers and has nothing to do with JavaScript:<\/p>\n [ SEE: Adobe Flash ads launching clipboard hijack attack<\/font><\/a> ]<\/strong><\/p>\n If that’s not scary enough, consider than the average end user would have no idea what’s going on during a Clickjack attack.<\/p>\n According to Hansen, the threat scenario was discussed with both Microsoft and Mozilla and they concur independently that this is a tough problem with no easy solution at the moment.<\/p>\n Grossman confirmed that the latest versions of Internet Explorer (including version 8) and Firefox 3 are affected.<\/p>\n![\"Clickjacking](\"http:\/\/blogs.zdnet.com\/security\/images\/clickjack_rsnake.png\")
<\/p>\n\n
\n
\n