While clickjacking is not a new concept, it's gaining popularity as a technique used by malicious websites. Because iFrames are logical divisions of a web page, the approach is to create a "transparent iFrame page" that lines up exactly with the real web page being accessed. The buttons in the "invisible iFrame page" take the place of the buttons in the real web page. When the user clicks a button, they may allow malicious software to be loaded, or cause security at the true site they were trying to access to become compromised.
The Adobe Flash facility is one of the most widely installed software products in the world, as it's used by all major browsers. Adobe Flash (v9 and lower) is vulnerable to these attacks and is now a popular method of achieving clickjacking. To stay protected from this threat, users should move to Adobe Flash v10, keep AV protection updated, keep all O/S and browsers updated, and avoid risky websites.
Clickjacking - What is it?
This vulnerability affects multiple web browsers. Unfortunately, no patch for it is currently available, so users should be careful. The vulnerability has also been found to affect Adobe Flash Player, the most popular rich media internet application today. Adobe has released a security advisory and provided a workaround.
Clickjacking - Adobe recommended workarounds (move to version 10)