After shelving plans to detail a browser clickjacking vulnerability that is indirectly related to Adobe Systems' products at the company's request earlier this month, a security researcher plans to detail the flaw next month After shelving plans to detail a browser clickjacking vulnerability that is indirectly related to Adobe Systems’ products at the company’s request earlier this month, a security researcher plans to detail the flaw next month.Jeremiah Grossman, chief technology at White Hat Security, will discuss the vulnerability at the Hack In The Box (HITB) conference in Kuala Lumpur, Malaysia. “We have no ETA on Adobe fixes, but we’re hopeful that it’ll be weeks and not months. Whether or not they ‘patch,’ it will not change the content of my keynote speech,” he wrote in an e-mail.Grossman was scheduled to detail the clickjacking flaw with Robert Hansen, CEO of SecTheory, at the Open Web Application Security Project conference in New York, but they pulled the presentation at Adobe’s request. The hackers said no pressure was put on them, but Adobe wanted time to study and address the vulnerability before it was made public. “This is not an evil ‘the man is trying to keep us hackers down’ situation,” Hansen wrote on his blog at the time.Clickjacking is an attack where a user clicks on a button in a browser, thinking the button will perform a specific function, such submitting a news story to Digg, but instead an attacker hijacks the button to use it for another purpose. The vulnerability is “obviously scary enough for Adobe to call it a critical issue and ask for more time, even though they were only indirectly affected,” Grossman wrote in an e-mail. Over the weekend, Grossman and Hansen planned to inform Adobe of their intent to proceed with the presentation and make the proof-of-concept code they developed available.“We gave Adobe time out of courtesy because they asked and we have a good working relationship with them. They are using the time productively, but we could not agree to another delay,” Grossman wrote. “Our belief is clickjacking as an issue is not a problem in their software, but with browsers in general. It would not be fair to the others that it does impact to be without the information they need.” HITB will be held in Kuala Lumpur from Oct. 27-30. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe