
> My point is that they can't do more damage than regular applications you run on your Mac.

Well, they can autoconfirm Keychain prompts with simulated keyboard events (and access all the keychain data in general), for one. This is something non-accessibility apps can't do after some update.

A keylogger can't steal your password if it's in the keychain, even though it knows your root password. But I guess now it'll add itself into accessibility, so… waiting for Sierra :)



> Well, they can autoconfirm Keychain prompts with simulated keyboard events (and access all the keychain data in general), for one. This is something non-accessibility apps can't do after some update.

Simulating keyboard (and mouse) events is easily possible for non-accessibility apps (CoreGraphics CGEvent API). In fact, AXUIElementPostKeyboardEvent is just a simple wrapper around CGPostKeyboardEvent.


It is, but OS X won't accept it and will not unlock a Keychain item unless all the apps that do this are in Accessibility. So if there is an app that uses those APIs but is not in Accessibility, even you yourself won't be able to copy anything password-protected from Keychain.

https://support.apple.com/en-us/HT205375

  SecurityAgent
  Available for: OS X El Capitan 10.11

  Impact: A malicious application can programmatically control keychain access prompts

  Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows.

  CVE-ID
  CVE-2015-5943



