Let us look at a more serious scenario of clickjacking attacks. The attacker constructs clickjacking by Flash, completes a series of complex actions, and ultimately controls the camera of the user’s computer.
Adobe has patched this vulnerability in Flash. The attack process is as follows:
First, the attacker produces a Flash game and convinces the user to play this game. The game allows the user to press the “CLICK” button; the position of the button changes after every hit. It has an invisible iframe hidden in Flash. Some clicks in the game are meaningful, but some are invalid. Instructing the user to click can help the attacker complete complex processes. By following this process step by step, the attacker eventually gets access to the user’s camera.