> As a user/developer how do you even mitigate against this kind of attack?

I wish there were a viable answer other than "use a capability-secure programming language". Even auditing is insufficient since nefarious code can easily slip through even an audit.