IOS iBoot Code Leaked, Huge Security Headache for Apple

“Biggest iPhone Code Leak?” — Source Code Of The Most Critical Part Of iOS Dumped On GitHub

iPhone iBoot Source Code Leaked Online Sparking Security Headache For Apple

Motherboard reported the leak last night after what appeared to be source code for iBoot was posted publicly online.

The leak could allow hackers to discover iOS vulnerabilities more easily and make creating iPhone jailbreaks simpler, even in the face of Apple's tightened security measures.

Apple has since issued a takedown notice, requiring the website to remove the offending files, but the iPhone source code - referred to as "iBoot" - is the part of the operating system that is responsible for ensuring a "trusted boot" of the operating system. It's the program that essentially loads iOS, the first process that runs when an iOS device is powered own. This component verifies that iOS is loaded correctly every time and if the kernel is signed by Apple.

Ford Transit Connect Wagon Has More Tech, New Diesel Engine
Ford wants the refreshed Transit Connect Wagon to revive sales of the model, which fell 20 percent past year . Kevin Brown, age 63, of Nassau Bay, Texas, is the kind of "active Boomer" who loves the Transit Connect Wagon.

It's not clear just how big of a leak this is, but according to author Jonathan Levin, who has written book about iOS and OS X, said it's "the biggest leak in history", adding that it's "a huge deal".

Two researchers have confirmed to Motherboard that the code is indeed real as they were able to reverse engineer it. While some code has nearly certainly been reused in iOS updates released since then, it might be harder for hackers to take advantage of now. Hackers could potentially use this code to install malware or even surveillance tools on a wide range of iPhones since they all theoretically contain this snippet of code. The "iBoot" source code is proprietary and it includes Apple's copyright notice. "Any provider that takes security seriously should always conduct rigorous threat modelling based on the assumption that source code will be exposed as some point and put in place appropriate controls to counter it".

That said, it's unclear how much of the iOS 9-vintage code remains in the current iOS 11 and near-future iOS 12 iBoot process, nor how improvements to the secure enclave hardware may have mitigated risks to nearly all iOS devices now being sold. "Sensibly, Apple has taken other steps to improve the protection of its products, such as improving the security of copprocesses, so users of its latest devices don't need to be unduly concerned by the release of the iBoot firmware". These days, modders are more likely to sell the exploit than release it for free to the jailbreak community.

Latest News