The malware required to trigger that process can be introduced into the victim's computer via innocuous files such as images, documents and spreadsheets. In fact, the proof of concept Rahbani and Jebara developed to test out what they discovered launches the malware-wrapped image in Preview after you click Allow. They designed it that way to show how that method can be used to allay any suspicion brewing in the back of the victim's mind.

In an email to Engadget, Jebara said that they have already notified Apple of the vulnerability and are waiting to hear back. He explained that they decided to come out with this information because it could be extremely harmful to users if exploited. By knowing the flaw's nature, you can at least protect yourself by not click strange buttons that pop up in Keychain.

We disclosed because we feel that it is the right thing to do knowing that a vulnerability of this magnitude would have disastrous consequences (you wouldn't be able to open any third-party file on your computer without the risk of losing all of your sensitive information until Apple issues a patch)... The vulnerability is extremely critical as it allows anyone to steal all of your passwords remotely by simply downloading a file that doesn't look malicious at all and that can't be detected by malware detectors because it doesn't behave the way malware usually does.

[Image credit: mangpages/Flickr]