DLL Hijacking' on OS X? #@%& Yeah! presented at CanSecWest 2015

by Patrick Wardle,

URL : https://cansecwest.com/slides/2015/DLL%20Hijacking%20on%20OSX%20-%20Patrick%20Wardle.pdf

Summary : Remember DLL hijacking on Windows? Well, turns out that OS X is fundamentally vulnerable to a similar attack (independent of the user's environment). By abusing various 'features' and undocumented aspects of OS X's dynamic loader, this talk will reveal how attackers need only to plant specially-crafted dynamic libraries to have their malicious code automatically loaded into vulnerable applications. Through this attack, adversaries can perform a wide range of malicious actions, including stealthy persistence, process injection, security software circumvention, and even 'remote' infection. So come watch as applications fall, Gatekeeper crumbles (allowing downloaded unsigned code to execute), and 'hijacker malware' arises - capable of bypassing all top security and anti-virus products! And since "sharing is caring" leave with code and tools that can automatically uncover vulnerable binaries, generate compatible hijack libraries, or detect if you've been hijacked.