Flaw in Android leaves it open for attack


    Do you have an Android device and do you run any apps from Gmail, H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon?

    A team of university researchers were able to hack into smart phones (micro tablets) 92% of the time.

    Full story here http://www.linuxinsider.com/story/OS...cks-80937.html

    To protect from hacking, disable all apps and only enable them as and when you need to use them.
    Last edited by Guest; Sep 02, 2014, 03:31 AM.

    #2
    This is one horribly misunderstood vulnerability. I just read through the articles and comment threads on Ars Technica and Slashdot. A lot of naysayers don't get that the exploit isn't targeting individual process memory. Instead, it targets the measurable statistics -- CPU usage, RAM usage, network activity, window name, pixel locations -- of shared memory. It then pops up a spoofing dialog to intercept any input intended for what was the top-most window. It's quite clever, really, and neatly bypasses all kinds of sandboxes and whatnot. The researchers rely on specific timing to inject the spoofs. But then they go on to speculate that the technique is generalizable across multiple operating systems. Boy, I wish they hadn't done that -- it weakens their case. Guesswork in an academic paper?

    Anyway... of all the commentary, I'd recommend reading this one small Slashdot thread. Be sure to expand the sliders to reveal everything.

    Researcher's home page, with link to paper describing flaw: http://www.cs.ucr.edu/~zhiyunq/


      #3
      Originally posted by SteveRiley
      It's quite clever, really, and neatly bypasses all kinds of sandboxes and whatnot.
      If that is the case then surely that is a flaw in the system. If you put in a sandbox then you should not be able to bypass it to exploit the rest of the system. It defeats the whole purpose of "sandboxing".


        #4
        Read the paper. The method is a form of side-channel attack. That is, the attack observes the characteristics of an executing application and then implements a window that spoofs the user into entering secrets into a completely separate application. Sandboxes are powerless to prevent an attack of this nature. The attack is not reading from the process space of something else. It's making well-educated and well-timed guesses based on environmental conditions.

        To prevent such an attack, the operating system needs to prevent such information from being easily used to deduce the characteristics of executing applications. Android L has made some improvements here. Applications themselves also need to be bolstered and not allow their top windows to be taken over by other non-privileged windows. You'll note that NewEgg has already acknowledged they can fix theirs.
