Source code for key iOS component iBoot leaked and published on GitHub

Share

An older version of the software for the iPhone and iPad's operating system was posted on the code-sharing site GitHub last night, February 7.

A part of the source code for iOS was published by an anonymous user on the web-based hosting service, GitHub that is primarily used by developers to share code with one another.

Levin also said that info gleaned from this leak could help bring back the possibility of tethered jailbreaks, which have been nearly impossible to perform due to all the security on recent iPhones. But in a move that some Mac and iOS experts are calling the "the biggest leak in history", an unknown source appears to have laid bare parts of the iPhone's critical boot code on Github. It's the program that essentially loads iOS, the first process that runs when an iOS device is powered own.

iBoot's role is to verify that the kernel is signed by Apple during bootup and it is very integral to the iOS security system.


Apple has responded to security concerns surrounding a leaked iPhone source code, pointing out that any potential vulnerabilities would be outdated. "It's a huge deal". Apple has confirmed with TechCrunch that the code appears to be real, but adds that it's tied to old software.

In another posted letter, Apple wrote "The "iBoot" source code is proprietary and it includes Apple's copyright notice".

The Reddit user who posted the code was relatively new to the website, so the code was subsequently buried relatively quickly. Researchers believe the code to be real, and could be a significant security leak, according to Motherboard. By exposing this code, it also opens new avenues for Jailbreakers. iPhones and iPads used to be fairly easy to Jailbreak back in the day, but with the launch of TouchID on the iPhone 5s, Apple introduced the "Secure Enclave co-processor", which made exploits hard to uncover. Apple's latest iOS adoption numbers show that fewer than 10% of active devices are running software older than iOS 10 with 65% on iOS 11. Motherboard speculates that the leak could also enable programmers to emulate iOS on non-Apple platforms. As more jailbreaks come out that take advantage of these vulnerabilities, there's a high probability that Apple will take all steps possible in order to keep their phones locked down. "It is not open-source". These days, modders are more likely to sell the exploit than release it for free to the jailbreak community.

Share