A vulnerability has been discovered that allegedly allows an attack to misrepresent the destination of a link on their website in order to lead the reader to a destination of the attackers choice. The details are thus far being withheld at the behest of Adobe.
[ You are not allowed to view attachments ]
(http://www.theregister.co.uk/2008/09/16/critical_vulnerability_demo_pulled/)
In another event for the "internet is broken" files, two prominent security researchers have pulled a scheduled talk that was to demonstrate critical holes affecting anyone who uses a browser to surf the web.
Jeremiah Grossman and Robert "RSnake" Hansen say they planned to demonstrate serious "clickjacking" vulnerabilities involving every major browser during a presentation scheduled for September 24 at OWASP's AppSec 2008 Conference in New York. They canceled their talk at the request of Adobe, one of the developers whose software is vulnerable to the weakness, they say.
Full Story (http://www.theregister.co.uk/2008/09/16/critical_vulnerability_demo_pulled/)
Ehtyar.