According to a detailed article by Patrick Wardle, OS X with Gatekeeper is vulnerable to attack from applications loading dynamic link libraries (DLLs) that don’t specify a path name.
“The operating system looks for the DLL file in a number of well-defined directories. An attacker could thus ‘hijack’ the DLL by placing a rogue DLL file into one of those directories, so that the operating system will find the rogue DLL first….Unfortunately, by abusing a dylib hijack, an attacker can bypass Gatekeeper to run unsigned malicious code – even if the user’s settings only allow Apple-signed code from the Mac App Store.”
Most Apple programs, including Xcode, along with a lot of popular applications appear to be vulnerable. Wardle released the free “Dynamic Hijack Scanner” application to detect local hijacks and reveal vulnerable applications.