OS X Vulnerable to DLL Hijacking

Posted by: Brian Wiser Date: March 22, 2015 0 Likes 539 Views

According to a detailed article by Patrick Wardle, OS X with Gatekeeper is vulnerable to attack from applications loading dynamic link libraries (DLLs) that don’t specify a path name.

“The operating system looks for the DLL file in a number of well-defined directories. An attacker could thus ‘hijack’ the DLL by placing a rogue DLL file into one of those directories, so that the operating system will find the rogue DLL first….Unfortunately, by abusing a dylib hijack, an attacker can bypass Gatekeeper to run unsigned malicious code – even if the user’s settings only allow Apple-signed code from the Mac App Store.”

Most Apple programs, including Xcode, along with a lot of popular applications appear to be vulnerable.  Wardle released the free “Dynamic Hijack Scanner” application to detect local hijacks and reveal vulnerable applications.

Author: Brian Wiser
Brian is an A.P.P.L.E. Board member and Managing Editor of Call-A.P.P.L.E.. He is a producer of books, films, games, and events, as well as an Apple consultant, historian and archivist. Brian designed, edited, and co-produced dozens of books including:  "Nibble Viewpoints: Business Insights From The Computing Revolution," "Cyber Jack: The Adventures of Robert Clardy and Synergistic Software," "Synergistic Software: The Early Games," "Graphically Speaking: Enhanced Edition," "What’s Where in the Apple: Enhanced Edition," and "The WOZPAK Special Edition: Steve Wozniak’s Apple-1 & Apple II Computers."  Brian also co-produced the retro iOS game "Structris." Brian was an extra in Joss Whedon’s movie “Serenity,” leading him to being a producer/director for the documentary film “Done The Impossible: The Fans’ Tale of Firefly & Serenity.” He brought some of the Firefly cast aboard his Browncoat Cruise convention and recruited several of the Firefly cast to appear in a film for charity. Brian speaks about his adventures at conventions around the country.
Website