Apple suffers unprecedented leak as crucial iOS source code hits GitHub
Apple’s tight grip on its code has suffered a devastating blow as confidential iOS source code gets posted on GitHub.
The leaked iOS code is that of ‘iBoot’ which ensures a secure boot and is one of the most sensitive parts of the system. Its purpose is to load the kernel and verify everything is signed by Apple before it’s executed.
In fact, bugs in the boot process are such a concern that Apple values them at ~$200,000 as part of its bounty program.
Here is the copyright notice in the code:
Following an urgent DMCA takedown request from Apple, the code has since been removed from GitHub — but not before it was copied. Now it can be redistributed anywhere and scoured by hackers for attack vectors.
The code says it’s from iOS 9, but it’s likely a large amount of it is still used in later versions of Apple’s mobile operating system.
It now feels just a matter of time before new exploits are found. These could be kept secret to maliciously compromise devices with malware, used for a ‘jailbreak’ to unlock new capabilities for iOS users, or potentially to even boot the OS on third-party hardware.
Jailbreaking used to be quite popular amongst iOS users — but the practice has tapered off as more features become available natively, and the security of Apple’s devices has increased. Newer iPhones have a dedicated chip known as the Secure Enclave Processor which has hardened the security of the devices considerably.
What are your thoughts on the Apple source code leak? Let us know in the comments.