DLL hijacking has plagued Windows systems since 2000, and now the same attack has appeared on what most people regard as "the most secure operating system": Apple's Mac OS X.
This week, Synack researcher Patrick Wardle gave a talk at the CanSecWest conference in Vancouver, explaining in detail how dynamic library attacks on Mac OS X work: persistence, process injection, getting around security features (Apple's Gatekeeper) and remote exploitation, much the same as DLL hijacking on Windows.
Apple dynamic library hijacking vulnerability
DLL hijacking and dynamic library hijacking are essentially the same concept: the attacker must first get a malicious library into a directory that the operating system loads from. Wardle explained one aspect of such an attack: he was able to find a vulnerable Apple binary, the Photostream Agent, which runs automatically when iCloud runs.
DLL hijacking has plagued Windows for some time; it is a very common attack and one that attackers have used to death. I thought OS X would have the same problem. So, after a series of research, I found that similar problems exist on OS X as well. Although they use different techniques, the capabilities are the same, and they are very powerful.
Persistence is the most ideal use of the attack: the attacker can copy a specially compiled dynamic library into the Photostream directory, knowing that whenever the application runs, the attacker's dynamic library will be loaded into its process. This is the stealthiest form of persistence, because it creates no new process and modifies no files; it only plants a single dynamic library.
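A defender's check for the persistence described above, as an added example that is not from Wardle's talk or from this article: because no existing file is modified, a hash check of known files stays clean, while comparing the directory's set of libraries against a baseline flags the planted file. The directory layout and the names `ExampleAgent` and `Example.dylib` are constructed placeholders.

```python
import hashlib
import os
import tempfile

def snapshot(app_dir):
    """Map each file's path (relative to app_dir) to its SHA-256 digest."""
    state = {}
    for root, _dirs, files in os.walk(app_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, app_dir)] = digest
    return state

def modified_files(baseline, current):
    """Files from the baseline whose contents changed or that disappeared."""
    return sorted(p for p, h in baseline.items() if current.get(p) != h)

def new_libraries(baseline, current):
    """Dynamic libraries that were not present when the baseline was taken."""
    return sorted(p for p in current
                  if p not in baseline and p.endswith(".dylib"))

def demo():
    """Constructed sample: a fake application directory, then one added library."""
    with tempfile.TemporaryDirectory() as app_dir:
        bin_dir = os.path.join(app_dir, "Contents", "MacOS")
        os.makedirs(bin_dir)
        with open(os.path.join(bin_dir, "ExampleAgent"), "wb") as fh:
            fh.write(b"constructed placeholder for the application binary")
        baseline = snapshot(app_dir)
        # Simulate the change described above: one extra library, nothing else touched.
        with open(os.path.join(bin_dir, "Example.dylib"), "wb") as fh:
            fh.write(b"constructed placeholder bytes, not a real library")
        current = snapshot(app_dir)
        return modified_files(baseline, current), new_libraries(baseline, current)

if __name__ == "__main__":
    changed, added = demo()
    print("modified existing files:", changed)
    print("libraries added since baseline:", added)
```

The baseline has to be taken from a known-good install and stored where the monitored account cannot rewrite it.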
Remote execution of malicious code