The Mac Hacker's Handbook
Charlie Miller and Dino Dai Zovi's 2009 deep dive into the Mac OS X exploit landscape — Mach-O, IPC, sandboxing as it then existed, and the early-Intel-Mac exploitation chains.
- Authors: Charlie Miller, Dino Dai Zovi
- Published: 2009
- Publisher: Wiley
- Pages: 384
- Language: English
Read this if
You are a reverse engineer or exploit developer who wants the historical foundation of Mac exploitation, especially as a stepping stone to The Art of Mac Malware (Wardle). The book is most useful for its conceptual scaffolding around Mach, Objective-C runtimes, and IPC, which are still load-bearing on modern macOS.
Skip this if
You need current Apple-silicon, Hardened Runtime, System Integrity Protection, Endpoint Security, or modern sandbox-escape tradecraft. The book is pre-iPhone-era macOS in spirit; 2009 was a different planet.
Key takeaways
- The conceptual material (Mach, IPC, Mach-O, Objective-C dispatch) generalizes to modern macOS; the specific exploits do not.
- Most of the value is historical archaeology — knowing why the macOS sandbox and SIP exist is far easier after this book.
- Pair with current Wardle and Apple Platform Security material for any operational use; treat this as background reading.
Notes
Read with The Art of Mac Malware Vol 1 (Wardle) for the modern continuation and with Apple's Platform Security Guide (the most recent edition) for the current operating environment. Charlie Miller's later DEF CON / Pwn2Own presentations are the live-fire complement. A historical reference in 2026, but a useful one if you want the genealogy of Apple security; otherwise skip directly to Wardle.
What to read before
Intermediate · 2011
The IDA Pro Book
Chris Eagle's deep manual on IDA Pro, the disassembler that defined a generation of reverse engineering. Useful even with Ghidra in the picture, since most malware-analysis literature still assumes IDA.
Advanced · 2022
Gray Hat Hacking
A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.
Advanced · 2022
The Art of Mac Malware, Volume 1
Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.
What to read next
Advanced · 2022
Gray Hat Hacking
A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.
Advanced · 2022
The Art of Mac Malware, Volume 1
Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.
Advanced · 2009
Les virus informatiques : théorie, pratique et applications
Éric Filiol's reference French-language treatment of computer virology. Formal theory, infection mechanisms, offensive and defensive applications, with academic rigor rare on the topic.
Explore similar books
Advanced · 2022
Gray Hat Hacking
A multi-author breadth-first reference covering the modern offensive landscape: web, binary, hardware, IoT, mobile, cloud, and adversarial ML — the closest thing in print to a single-volume snapshot of where offensive security is.
Advanced · 2022
The Art of Mac Malware, Volume 1
Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.
Advanced · 2021
The Hardware Hacking Handbook
Jasper van Woudenberg and Colin O'Flynn (NewAE / ChipWhisperer) on real hardware attacks: bus sniffing, fault injection, side-channel power analysis, and the lab work that turns a black box into a known target.