Comment Re:Order of operations is important (Score 1) 78
Not quite. The attack is easily extensible so that the attackers can "run before" the target app at any time by simply deleting the keychain entry and recreating it with a new ACL that permits the target app and themselves access to the entry. From the user's perspective, they see an unexplained repeat prompt to enter their password, which they'll gladly do, and from there on the attackers have access to the password.
These security holes are quite awful.