The latest version of the adware toolbar malware known as Genieo now has the ability to access the OS X Keychain without user knowledge, thanks to privileges gained during the initial install where the user willingly uses their admin password. Though the program itself does not use the technique to cause any malicious harm on its own, the trick will likely be copied and used by others to possibly compromise the security of the OS X password manager. The technique exploits no hack or flaw, but abuses existing privileges.
