Nytro

DYLIB HIJACKING ON OS X


Patrick Wardle

Synack, USA

(This paper was presented at CanSecWest 2015.)

DLL hijacking is a well known class of attack which was always believed only to affect the Windows OS. However, this paper will show that OS X is similarly vulnerable to dynamic library hijacks. By abusing various features and undocumented aspects of OS X’s dynamic loader, attackers need only to ‘plant’ specially crafted dynamic libraries to have malicious code automatically loaded into vulnerable applications. Using this method, such attackers can perform a wide range of malicious and subversive actions, including stealthy persistence, load-time process injection, security software circumvention, and a Gatekeeper bypass (affording opportunities for remote infection). Since this attack abuses legitimate functionality of the OS, it is challenging to prevent and unlikely to be patched. However, this paper will present techniques and tools that can uncover vulnerable binaries as well as detect if a hijacking has occurred.

Download: https://www.virusbtn.com/pdf/magazine/2015/vb201503-dylib-hijacking.pdf
