IOS iBoot Code Leaked, Huge Security Headache for Apple

Share

The access to iBoot's code may have several implications; it could allow researchers to find vulnerabilities in the systems more easily, but it might also open the door to less benevolent hackers willing to exploit the hole. The company launched its bug bounty program in 2016, and flaws in secure boot firmware components were valued at up to $200,000. However, it's safe to assume that the legal team hired by Apple HQ isn't too happy, and will do everything in its power to make sure this code is permanently wiped from Github. It's the very first process that runs when iOS starts up.

The iOS device maker maintained that the leaked source code is now largely irrelevant since majority of iPhone and iPad users have already been updated to iOS 10 versions and up.

That said, it's unclear how much of the iOS 9-vintage code remains in the current iOS 11 and near-future iOS 12 iBoot process, nor how improvements to the secure enclave hardware may have mitigated risks to nearly all iOS devices now being sold.

When Motherboard asked Jonathan Levin, author of a number of books on iOS and macOS internals, about the leak, Levin said that the code appears to be authentic because it fits with his own attempts to reverse engineer Apple's boot code. "It's a huge deal". On the other hand, researchers may also choose to poke about in the iBoot code, potentially disclosing any vulnerabilities they find to Apple.

IOS iBoot Code Leaked, Huge Security Headache for Apple
IOS iBoot Code Leaked, Huge Security Headache for Apple

Apple has ordered the leaked iOS source code iBoot removed from GitHub. "This development proves that third-party security software from the likes of MobileIron, AirWatch, SOTI and others remains a needed part of any mobility strategy to thwart jailbreaking and intrusions to the enterprise".

As mentioned above, Apple issued a DMCA notice demanding that the files be taken down as the iPhone source code is proprietary and private, containing Apple's copyright notice.

Apple keeps its source code under tight lock and key - it's one component of the company which has made it such a dominant force in technology for the past decade, especially with its mobile phones. Apple has not responded to requests to comment on the leak.

The DMCA notice required Apple to verify that the code was their property-consequently confirming that the code was genuine.

Senate Leadership Close to Long-Term Budget Deal
House Speaker Paul Ryan said with this agreement they are breaking the logjam on a number of priorities for the American people. Some House members are wary of the early details of the Senate deal .

Share