iOS iBoot Code Leaked, Huge Security Headache for Apple


Access to iBoot's code may have several implications: it could allow researchers to find vulnerabilities in the system more easily, but it might also open the door to less benevolent hackers willing to exploit them. The company launched its bug bounty program in 2016, and flaws in secure boot firmware components were valued at up to $200,000. However, it's safe to assume that the legal team hired by Apple HQ isn't too happy, and will do everything in its power to make sure this code is permanently wiped from GitHub. iBoot is the very first process that runs when iOS starts up.

The iOS device maker maintained that the leaked source code is now largely irrelevant, since the majority of iPhone and iPad users have already updated to iOS 10 and up.

That said, it's unclear how much of the iOS 9-vintage code remains in the current iOS 11 and near-future iOS 12 iBoot process, nor how improvements to the secure enclave hardware may have mitigated risks to nearly all iOS devices now being sold.

When Motherboard asked Jonathan Levin, author of a number of books on iOS and macOS internals, about the leak, Levin said that the code appears to be authentic because it fits with his own attempts to reverse engineer Apple's boot code. "It's a huge deal." On the other hand, researchers may also choose to poke about in the iBoot code, potentially disclosing any vulnerabilities they find to Apple.

Apple has ordered the leaked iBoot source code removed from GitHub. "This development proves that third-party security software from the likes of MobileIron, AirWatch, SOTI and others remains a needed part of any mobility strategy to thwart jailbreaking and intrusions to the enterprise."

As mentioned above, Apple issued a DMCA notice demanding that the files be taken down as the iPhone source code is proprietary and private, containing Apple's copyright notice.

Apple keeps its source code under tight lock and key - it's one component of the company which has made it such a dominant force in technology for the past decade, especially with its mobile phones. Apple has not responded to requests to comment on the leak.

The DMCA notice required Apple to verify that the code was their property, consequently confirming that the code was genuine.
