OS X Vulnerable to DLL Hijacking

According to a detailed article by Patrick Wardle, OS X with Gatekeeper is vulnerable to attack from applications loading dynamic link libraries (DLLs) that don’t specify a path name.

“The operating system looks for the DLL file in a number of well-defined directories. An attacker could thus ‘hijack’ the DLL by placing a rogue DLL file into one of those directories, so that the operating system will find the rogue DLL first….Unfortunately, by abusing a dylib hijack, an attacker can bypass Gatekeeper to run unsigned malicious code – even if the user’s settings only allow Apple-signed code from the Mac App Store.”

Most Apple programs, including Xcode, along with a lot of popular applications appear to be vulnerable.  Wardle released the free “Dynamic Hijack Scanner” application to detect local hijacks and reveal vulnerable applications.

Please follow and like us:

About the Author

Brian Wiser

Brian is an A.P.P.L.E. Board member and Managing Editor of Call-A.P.P.L.E. magazine. He is a long-time Apple consultant, historian and archivist.

Brian designed, edited, and co-produced several books including: “Cyber Jack: The Adventures of Robert Clardy and Synergistic Software”, “Synergistic Software: The Early Games”, “Nibble Viewpoints: Business Insights From The Computing Revolution”, “What’s Where in the Apple: Enhanced Edition”, and “The WOZPAK: Special Edition” – an important Apple II historical book with Steve Wozniak’s restored original, technical handwritten notes as well as a forward from Steve Wozniak and other Apple legends. Brian also co-produced the retro iOS game “Structris.”

Brian was an extra in Joss Whedon’s movie “Serenity,” leading him to being a producer/director for the documentary film “Done The Impossible: The Fans’ Tale of Firefly & Serenity.” He brought some of the Firefly cast aboard his Browncoat Cruise and recruited several of the Firefly cast to appear in a film for charity. Brian speaks about his adventures at conventions around the country.