Macintosh OSX binary malware

Marius van Oers McAfee AVERT

With the recent appearances of OSX/Leap and OSX/Inqtana it is clear that Macintosh users are also vulnerable to native malware. Due to the appearance of Mac OSX for Intel, the userbase of people running OSX may grow much bigger than it is today and therefore also draw the attention of malware writers. OSX binary files used to be of the BSD a.out file format specification. Nowadays, the Mach-O (Mach object) file format is used for binary files. This paper will mainly focus on the current OSX binary file format structure and the possible security issues related to that.