Hacking macOS: How to Hide Payloads Inside Photo Metadata

Complex shell scripts can be implanted into photo metadata and later used to exploit a MacBook. Because the payload travels inside an ordinary-looking image file, this technique not only obscures the true nature of an attack but can also slip past network firewalls and the scrutiny of vigilant sysadmins.


In this attack scenario, a malicious command will be embedded directly into the EXIF metadata of an image file. The attacker would host the malicious image on a public website like Flickr, making it accessible for anyone to download. A stager will then be created to download the image, extract the metadata, and execute the embedded command.
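The scenario above hinges on text fields in an image's metadata carrying something that is really a command. From the defender's side, the natural check is to read those fields and flag values that look like shell syntax rather than a caption. The following script is an added example, not code from this article: it walks the JPEG segment structure, decodes the ASCII tags of the first EXIF IFD (ImageDescription, Make, Model, Software, Artist, Copyright) and any JPEG COM comment segments, and applies a handful of heuristic regexes for interpreter invocations, pipe-to-shell, command substitution, downloads and decode-and-run staging. The regex list, the tag coverage (IFD0 only, not the Exif sub-IFD's UserComment), and the sample "images" (constructed JPEG skeletons with metadata but no pixel data) are all assumptions of this example, not part of the original page.

```python
import re
import struct
import sys

# IFD0 tags whose values are plain ASCII strings (TIFF 6.0 / EXIF 2.x).
ASCII_TAGS = {
    0x010E: "ImageDescription",
    0x010F: "Make",
    0x0110: "Model",
    0x0131: "Software",
    0x013B: "Artist",
    0x8298: "Copyright",
}

# Heuristic signatures for "this caption is really a command" (assumed list).
SHELL_PATTERNS = [
    r"(?:^|/|\s)(?:bash|sh|zsh)\s+-c\b",      # explicit interpreter invocation
    r"\|\s*(?:bash|sh|zsh)\b",                # pipe-to-shell
    r"\$\([^)]*\)|`[^`]+`",                   # command substitution
    r"\b(?:curl|wget)\b.*https?://",          # download inside a text field
    r"\bbase64\s+(?:-d|-D|--decode)\b",       # decode-and-run staging
    r"\bosascript\s+-e\b",                    # AppleScript one-liners on macOS
]


def _parse_ifd0(tiff: bytes) -> dict:
    """Decode the ASCII entries of the first IFD in a TIFF block (either byte order)."""
    if tiff[:2] == b"II":
        end = "<"
    elif tiff[:2] == b"MM":
        end = ">"
    else:
        return {}
    magic, ifd_off = struct.unpack(end + "HI", tiff[2:8])
    if magic != 42 or ifd_off + 2 > len(tiff):
        return {}
    count = struct.unpack(end + "H", tiff[ifd_off:ifd_off + 2])[0]
    out = {}
    for i in range(count):
        e = ifd_off + 2 + 12 * i
        if e + 12 > len(tiff):
            break  # truncated IFD: stop rather than read past the buffer
        tag, typ, n, raw = struct.unpack(end + "HHI4s", tiff[e:e + 12])
        if typ != 2 or tag not in ASCII_TAGS:
            continue
        if n <= 4:
            val = raw[:n]                      # value stored inline in the entry
        else:
            off = struct.unpack(end + "I", raw)[0]
            val = tiff[off:off + n]            # value stored at an offset
        out[ASCII_TAGS[tag]] = val.rstrip(b"\x00").decode("latin-1", "replace")
    return out


def exif_ascii_fields(data: bytes) -> dict:
    """Walk JPEG segments; return IFD0 ASCII tags plus any COM comment segments."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    fields, pos, comments = {}, 2, 0
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            break
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):             # EOI or start of scan: metadata is over
            break
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                           # standalone markers carry no length
            continue
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        body = data[pos + 4:pos + 2 + seglen]
        if marker == 0xFE:                     # COM segment
            comments += 1
            fields[f"Comment{comments}"] = body.decode("latin-1", "replace")
        elif marker == 0xE1 and body.startswith(b"Exif\x00\x00"):
            fields.update(_parse_ifd0(body[6:]))
        pos += 2 + seglen
    return fields


def flag_suspicious(fields: dict) -> list:
    """Return (field_name, matched_text) for every field that looks like shell syntax."""
    hits = []
    for name, value in fields.items():
        for pat in SHELL_PATTERNS:
            m = re.search(pat, value)
            if m:
                hits.append((name, m.group(0)))
                break
    return hits


def build_sample_jpeg(description: str, comment: str = "", big_endian: bool = False) -> bytes:
    """Constructed test fixture: a JPEG skeleton (no pixel data) carrying an EXIF
    ImageDescription and an optional COM segment."""
    end = ">" if big_endian else "<"
    desc = description.encode("latin-1") + b"\x00"
    ifd_off = 8
    data_off = ifd_off + 2 + 12 + 4            # after count, one entry, next-IFD pointer
    tiff = (b"MM" if big_endian else b"II") + struct.pack(end + "HI", 42, ifd_off)
    tiff += struct.pack(end + "H", 1)
    if len(desc) <= 4:
        tiff += struct.pack(end + "HHI", 0x010E, 2, len(desc)) + desc.ljust(4, b"\x00")
        tail = b""
    else:
        tiff += struct.pack(end + "HHII", 0x010E, 2, len(desc), data_off)
        tail = desc
    tiff += struct.pack(end + "I", 0) + tail
    app1 = b"Exif\x00\x00" + tiff
    out = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
    if comment:
        c = comment.encode("latin-1")
        out += b"\xff\xfe" + struct.pack(">H", len(c) + 2) + c
    return out + b"\xff\xd9"


# Constructed samples: a normal caption, and a harmless placeholder shaped like a command.
BENIGN = build_sample_jpeg("Sunset over the bay, 2019", comment="Shot on a phone")
PLANTED = build_sample_jpeg("/bin/bash -c 'echo CONSTRUCTED-PLACEHOLDER'")

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = flag_suspicious(exif_ascii_fields(fh.read()))
        print(path, "SUSPICIOUS" if hits else "clean", hits)
```

Run it as `python3 exif_check.py *.jpg` over a download directory to triage files, or call `flag_suspicious(exif_ascii_fields(data))` from an ingest pipeline before an image is allowed onto a share. The regexes are deliberately narrow to keep false positives low on real captions; a production check would also cover the Exif sub-IFD's UserComment and XMP/IPTC blocks, which this example leaves out.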