OS X Vulnerable to DLL Hijacking

According to a detailed article by Patrick Wardle, OS X with Gatekeeper is vulnerable to attack from applications loading dynamic link libraries (DLLs) that don’t specify a path name.

“The operating system looks for the DLL file in a number of well-defined directories. An attacker could thus ‘hijack’ the DLL by placing a rogue DLL file into one of those directories, so that the operating system will find the rogue DLL first….Unfortunately, by abusing a dylib hijack, an attacker can bypass Gatekeeper to run unsigned malicious code – even if the user’s settings only allow Apple-signed code from the Mac App Store.”

Most Apple programs, including Xcode, along with a lot of popular applications appear to be vulnerable.  Wardle released the free “Dynamic Hijack Scanner” application to detect local hijacks and reveal vulnerable applications.

About the Author

Brian Wiser

Brian is an A.P.P.L.E. Board member and Managing Editor of Call-A.P.P.L.E. magazine. He is a long-time Apple consultant, historian and archivist. Brian designed, edited, and co-produced several books including: "Cyber Jack: The Adventures of Robert Clardy and Synergistic Software", "Synergistic Software: The Early Games", "Nibble Viewpoints: Business Insights From The Computing Revolution", "What's Where in the Apple: Enhanced Edition", and "The WOZPAK: Special Edition" – an important Apple II historical book with Steve Wozniak's restored original, technical handwritten notes as well as a forward from Steve Wozniak and other Apple legends. Brian also co-produced the retro iOS game "Structris." Brian was an extra in Joss Whedon’s movie “Serenity,” leading him to being a producer/director for the documentary film “Done The Impossible: The Fans’ Tale of Firefly & Serenity.” He brought some of the Firefly cast aboard his Browncoat Cruise and recruited several of the Firefly cast to appear in a film for charity. Brian speaks about his adventures at conventions around the country.