Why is this important?
Any functionality related to file management requires careful use. If attackers can influence the input to file-access APIs, the impact can be serious.
Fixing Insecure File Management
App developers can leverage the iOS Data Protection APIs to implement fine-grained access control for user data stored in flash memory. The APIs are built on top of the Secure Enclave Processor.
There are four protection classes for files:
- Complete Protection (NSFileProtectionComplete)
- Protected Unless Open (NSFileProtectionCompleteUnlessOpen)
- Protected Until First User Authentication (NSFileProtectionCompleteUntilFirstUserAuthentication)
- No Protection (NSFileProtectionNone)
More information about these classes can be found here.
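As an added example (not code from the original page), the Swift code below writes a file under Complete Protection and then audits a directory for files stored with a weaker class. The helper names `saveSensitive` and `auditProtection`, and the choice of which classes count as acceptable, are assumptions made for illustration.

```swift
import Foundation

// Added example: helper names are hypothetical, not part of any Apple API.

/// Write `data` so the resulting file is in the Complete Protection class
/// (NSFileProtectionComplete): unreadable while the device is locked.
func saveSensitive(_ data: Data, to url: URL) throws {
    // .atomic writes to a temporary file and renames it into place;
    // .completeFileProtection applies the protection class to the file.
    try data.write(to: url, options: [.atomic, .completeFileProtection])
}

/// Walk `directory` and return every regular file whose protection class
/// is missing or not in `allowed` (assumed policy: Complete or
/// Protected Unless Open).
func auditProtection(
    in directory: URL,
    allowed: Set<FileProtectionType> = [.complete, .completeUnlessOpen]
) -> [(path: String, protection: FileProtectionType?)] {
    let fm = FileManager.default
    var findings: [(path: String, protection: FileProtectionType?)] = []
    guard let walker = fm.enumerator(
        at: directory,
        includingPropertiesForKeys: [.isRegularFileKey]
    ) else {
        return findings
    }
    for case let url as URL in walker {
        // Skip directories, symlinks and other non-regular entries.
        let values = try? url.resourceValues(forKeys: [.isRegularFileKey])
        guard values?.isRegularFile == true else { continue }

        // The protection class is exposed as a file attribute.
        let attrs = try? fm.attributesOfItem(atPath: url.path)
        let cls = attrs?[.protectionKey] as? FileProtectionType
        if let cls = cls, allowed.contains(cls) { continue }

        // Either no class was reported, or it is weaker than the policy
        // (for example .completeUntilFirstUserAuthentication or .none).
        findings.append((path: url.path, protection: cls))
    }
    return findings
}
```

Run the audit on a physical device with a passcode set, since the simulator does not enforce Data Protection and may not report a class for files.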