‘Clickjacking’, if you haven’t heard of it, is a method used by malicious individuals to trick users like you into clicking something without you knowing what you’ve clicked. It’s also known as UI-redressing and only works in browsers that support frames/CSS.
The idea is simple: An iframe is positioned above what looks like a clickable button on a website. This iframe is invisible to the user (opacity:0) and so the user unknowingly clicks on the iframe which may contain anything! This can be achieved through CSS alone, no JavaScript is required. A variation of this technique involves the use of JavaScript to move the iframe around the screen inline with the user’s cursor, therefore achieving the same thing but without having to convince the user to click on a button.
Background info
I believe the original concern was related to Flash and how a user could unknowingly enable their webcam and microphone so the attacker would have access. There are some other examples shown here: http://www.grc.com/sn/notes-168.htm.
Adobe resolved this issue in October of last year with a new release of Flash Player. Obviously this only offers protection for that particular exploit – gaining access to webcam/microphone; other more rudimentary techniques still work perfectly today.
