Use the Keychain Carefully

    In all versions of iOS up to and including iOS 7, the keychain can be partially compromised if an attacker has access to the encrypted iTunes backup. Because of how iOS re-encrypts keychain entries when creating iTunes backups, the keychain can be partially decrypted when an iTunes backup is available and the password for backup encryption is known. However, iTunes backups that are not encrypted do not allow for the decryption of keychain items.

    Lastly, for older devices (e.g., iPhone 4) for which BootROM exploits exist, the keychain can be compromised by an attacker who has physical access to the device.

    To prevent the exposure of keychain items via iTunes backup, use the ThisDeviceOnly protection class where practical.