Although Apple plans to require sandboxing in all third-party Mac App Store apps as of March 2012, it sounds as though Apple needs to get its own sandbox in order first. Researchers at Core Security Technologies have found a way to circumvent the sandboxing restrictions built into Mac OS X.
According to the researchers, "sending Apple events is possible within the no-network sandbox (kSBXProfileNoNetwork). A compromised application hypothetically restricted by the use of the no-network profile may have access to network resources through the use of Apple events to invoke the execution of other applications not directly restricted by the sandbox."
The researchers point out that Charlie Miller addressed a similar issue in a talk at Black Hat Japan 2008, so this is not strictly a new issue. Apple did make some modifications to its sandboxing after Miller's talk, but it seems some exploitable holes still remain.
Apple has apparently been aware of this issue for some time. The researchers point out that Apple's "App Sandbox Design Guide" states that "applications that require sending Apple events to other arbitrary applications are not suitable for sandboxing," and they speculate this is because "some developer tools restrict Apple events by default while defining the sandbox. The reason for this is that, as we show here, by dispatching Apple events a process can escape the sandbox."
Core Security Technologies' researchers provided Threatpost with one possible scenario that could result from this flawed sandboxing implementation: if you're using a third-party address book app that runs as a sandboxed process, an attacker could provide you with a file containing both his contact information and code that allows him to take control of the app. While Apple's sandboxing would prevent him from spreading that code beyond the address book app itself, the flawed sandbox would still allow him to send the app's contents back to himself, including any contact information you'd put into it.
It seems likely this is something Apple will address relatively soon now that it's been publicized, either via a standalone security update or in a dot-update to OS X itself.