Category: Security

According to a detailed article by Patrick Wardle, OS X with Gatekeeper is vulnerable to attack from applications loading dynamic link libraries (DLLs) that don’t specify a path name. “The operating system looks for the DLL file in a number of well-defined directories. An attacker could thus ‘hijack’ the DLL by placing a rogue DLL file into one of those directories, so that the operating system will find the rogue DLL first….Unfortunately, by abusing a dylib hijack, an attacker can…

      Mac users wanting to save a PDF of their TurboTax return or print to file, are forced to upload their data to Intuit via a silent connection.  The Mac TurboTax license says, “You may save your return as a PDF file and understand it may be processed on Intuit servers, not as part of the Software.” In a February 19 Wall Street Journal article, Intuit blames Apple:  According to Julie Miller, an Intuit spokeswoman, TurboTax made the…