"A researcher has “hacked” the mysterious clickjacking attack and today posted a demonstration in his blog on how the Web-borne attack works.
Details of the dangerous clickjacking attack have been closely held by the two researchers who discovered it -- Jeremiah Grossman and Robert “RSnake” Hansen -- at the request of Adobe, which wanted more time to patch its software from the attack, although the attack has to do with the way browsers and the Web work. (See Clickjacking Defense Will Require Browser Overhaul and Disclosure of Major New Web 'Clickjacking' Threat Gets Deferred.)
But a researcher with a blog called “GuyA.Net”spilled the beans today with a proof-of-concept that controls a user’s Webcam and microphone once the user clicks on hidden malware on the Web page.
Adobe is expected to release a patch today to protect its applications from the clickjacking attack. Adobe was not available for comment at this posting.
The attack could be used for corporate espionage or other even creepier virtual surveillance -- think online peeping Toms, industry experts say."