Apple plays down security fears over leaked iOS source code

Share

However, making the code public could allow intrepid hackers to sniff around in iBoot and find their own vulnerabilities, only instead of reporting them to Apple, they could tap into the flaws and use them as vectors of attack against iOS.

Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, called the leak "huge", speculating the code is now making rounds in the underground iOS jailbreaking community. This has made the software development platform to remove the controversial iOS source code though enough damage could have already been done.

In a rare piece of news, Apple has had a core component of its iOS code leaked online and uploaded to the code-sharing site GitHub.

"The "iBoot" source code is proprietary and it includes Apple's copyright notice. It is not open-source", said the legal document. While Apple has responded that it's not an issue for the security of current products, some believe it could still be important in finding new vulnerability and bugs in iOS. This ensures the code on the phone that's being run originates from Apple. Levin has written books on the internals of iOS and Mac OS X and said the code aligns with sections of iBoot he's reverse-engineered.

"But Apple should be anxious because if somebody has got hold of that, what else have they got?" Before the iBoot leak, ZioShiba had been inactive on GitHub for at least seven months.

Owner of Los Angeles Times to sell the paper
But he had declined to discuss those plans, raising suspicions among reporters, editors, photographers and producers. D'Vorkin will stay on with Tronc as Chief Content Officer of Tribune Interactive, the company said Wednesday.

Though the code is for the iOS 9, some of the parts can be found in the iOS 11, notes The Verge.

iOS bootloader The leak could be of value to "jailbreakers" who install third-party software on iPhones and iPads.

Only time will tell whether or not something will come from the leak many tech professionals are calling "the biggest leak in history".

However, according to the security researcher Will Strafach, for the end users it does not really mean anything positive or negative. While Apple has said that the leak is essentially nothing for users to be concerned about, it makes one wonder whether Apple's ecosystem is as roughly locked down as once thought. The iPhone maker has also confirmed the code posted at GitHub is real indeed, but it isn't clear yet as to how it got leaked or who is responsible for it either.

Share