During the Black Hat DC cyber security conference, taking place in Washington, Vincenzo Iozzo, an Italian student in security research, unveiled an attack procedure against Mac OS X based on malicious code loaded in memory into a program's executable space, which makes the exploit invisible once the computer is switched off. Although RAM-based techniques of this kind are not really new, the fact that this one takes place entirely in RAM is quite innovative. The malicious code is injected into the memory allocated to a running program and is directed at the active binary, which is stored in the Mach-O file format.
The demonstration was performed using Safari as the vector application. According to the detailed procedure, the attack relies on unspecified means that must be available for it to take place. It is unclear whether a hacker at a remote location could easily meet such requirements. Vincenzo expects to port this procedure to the iPhone OS in order to make code-based identification protections useless.
Users should keep in mind that Black Hat conferences are organized to make such attack/defense procedures against IT systems public. Unveiling an exploit concept usually allows OS developers to release a fix, and in most cases the attack will remain a hypothesis and will never be used in any virus, Trojan or spyware.
CERT-IST recently published an article dedicated to a RAM-based exploit that aims to recover hard drive encryption keys (a concept unveiled in summer 2008).
