XARA Deconstructed: An In-Depth Look at OS X and iOS
Contrary to what some reports have said, while a malicious app cannot read your existing keychain entries, it can delete existing keychain entries, and it can create new keychain entries that are readable and writable by other, legitimate apps. This means a malicious app can effectively trick other apps into saving all new password entries to a keychain it controls, which it can then read.
Fantastic, informative article on the latest Apple exploits.