I wrote some information about Malicious Bundles on Mac OS X and
posted source code that you can find here:
http://braden.machacking.net/bundle.html
The InputManagers directory on OS X gives the user the ability to
load any bundle into any application. The Obj-C runtime environment
gives code the ability to dynamically change the mapping of any
function at runtime. The combination of these two allows a bundle to
modify the behavior of any application launched by a user. This fact
is nothing new -- people have been discussing this for a while, and
other people have been using this functionality to write neat
software that modifies other software.
posted source code that you can find here:
http://braden.machacking.net/bundle.html
The InputManagers directory on OS X gives the user the ability to
load any bundle into any application. The Obj-C runtime environment
gives code the ability to dynamically change the mapping of any
function at runtime. The combination of these two allows a bundle to
modify the behavior of any application launched by a user. This fact
is nothing new -- people have been discussing this for a while, and
other people have been using this functionality to write neat
software that modifies other software.
[ reply ]