MacOS – Keychain won’t let copy passwords after 10.11.1 update

After the 10.11.1 update, I can not get access to some of encrypted data stored in my keychains with Keychain Access.app. Most notably, I can not see or copy passwords stored.

Normally, to do so, you'd have to:

1. unlock a keychain with keychain password;
2. unlock an item itself with keychain password.

During 2nd step, when password is typed in, you can select 2 options: "Allow" and "Always allow". The difference is that if you click "Always allow", you won't have to perform 2nd step for this item again.

Here's some things I was able to detect:

• if I had clicked "Always allow" on an item before OS X update, I can access it fully;
• if I haven't clicked "Always allow", I can not copy password from right click menu, nor see it when ticking "Show Password" checkbox on Info Screen.
• if I add new item, I can not copy password from right click menu, but can still see it on Info Screen.

I get what seems to be mostly full keychain data using following command (though, I am not sure everything's there):

security dump-keychain -d elmigranto.keychain

UPD: After more detective work, I found following message appearing in Console.app when I click anything in password dialog:

26.10.15 10:19:52,345 SecurityAgent[770]: Ignoring user action since the dialog has received events from an untrusted source

UPD2: Pretty sure this is caused by HT205375, which among other changes lists the following:

SecurityAgent

Available for: OS X El Capitan 10.11

Impact: A malicious application can programmatically control keychain access prompts

Description: A method existed for applications to create synthetic clicks on keychain prompts. This was addressed by disabling synthetic clicks for keychain access windows.

CVE-ID

CVE-2015-5943