There is a much better article here (you can actually understand what he has done): http://www.oneitsecurity.it/22/01/2009/mac-os-x-vulnerabilit...

I haven't read the slides, so I can't say specifically what he's done; however, this is nothing new [1]. Essentially, he has ported a known technique for executing programs within a host address space to the OS X platform. It is neither "new" nor an "attack", so the article is extremely misleading.

From the article it appears that he's implemented a framework for injecting code into another process on OS X. It sounds like he uses the original binary to either a) hook execution, or b) access dynamic libraries [2]. [The part about using addresses from the existing Mach-O binary isn't clear as to its purpose.]

This "attack" is actually more like a technique for running a binary without creating an on-disk image. For examples of why you'd want to do this, see Phrack [3].

[1] Userland Exec, 2004. http://seclists.org/fulldisclosure/2004/Jan/0001.html

[2] Cheating the ELF: Subversive dynamic linking on UNIX platforms, 2001. http://mirror.sweon.net/madchat/coding/Cheating_elf.pdf

[3] Remote Exec, 2005(?). http://www.phrack.com/issues.html?issue=62&id=8