They have a memory corruption flaw that could be exploited to inject and execute malicious code provided by the attacker.

The extent of the damage is still not clear, but it's considered highly unlikely that the attacker injected code into the active Linux kernel tree.

To make badges work, Dropbox is injecting code directly into the Finder binary.

This can be used to inject code into the monitor that will permit the user to seize control of the machine.

But as anyone can easily insert arbitrary values in , it is possible to inject code from files:

And so basically you've broken out, the malware has broken out of its own process space by injecting code into another process.

But as anyone can insert arbitrary values for the parameter, it is possible to inject code from other files.

These are typically small interface and functionality tweaks to the system or existing applications that work by injecting code into programs as they load.

So that is able to then inject code into the currently running application and take over your machine.

In fact, in this way the attacker simply calls preexisting functions without the need to inject malicious code into a program.