EOS.IO is not vulnerable to system call hijacking. Each contract gets its own copies of the eosiolib calls it uses. Contracts do not call into some common library on the chain. Contracts can not modify contracts on other accounts without an explicit authorization. Providing your own version of some other contract’s functions does not interact with that other contract at all and does not somehow inherit or hijack that contract’s permissions.