iPhone Source Code Leaked On GitHub [Updated]

Image: iStock

Lots of interesting software is uploaded to GitHub but iBoot - a key component of iOS - has been made publicly available in a significant data leak. iBoot is the software that ensures a trusted version of iOS is loaded. It's basically iOS' BIOS and ensures that the operating system that is loaded is the signed version Apple has distributed.

It's the kind of thing threat actors and intelligence agencies would love to get their hands on.

While the leaked software is purported to be from iOS 9, and a time when iPhones didn't have the Secure Enclave chip that has hardened device security significantly, it's likely some of the code is still used in more recent versions of iOS. Even if it's not used directly, it could give hackers insights into how Apple loads iOS and, therefore, potential vulnerabilities to look for and exploit.

While some are calling it the "biggest leak in history", I'm not sure it's anywhere that severe. It's embarrassing that such a critical piece of code has needed up in the public domain but we are talking about software that was superseded in June 2015.

Image: Screenshot from GitHub

If you're keen to take a look, the code is available on GitHub - although I'm not sure how long it will stay there. And I assume any bad guys that wanted it have already downloaded it all and saved it rendering any attempt by Apple to remove it from circulation pointless.

According to data released by Apple, just 7% of users are using a version of iOS that precedes iOS 10, with almost two-thirds of users running iOS 11.

Image: Apple

The impact of this leak is likely to be relatively minor. But it's also a good reminder about why it's important to update your software. Vulnerabilities in old software remain a major attack vector for threat actors.

I've contacted Apple for comments and as soon as they respond, I'll add their response.

Apple has released the following statement:

"Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”


Comments

    This document may not be reproduced or transmitted in any form,
    in whole or in part, without the express written permission of
    Apple Inc.
    Did you get the express written permission of Apple Inc. before posting that screenshot?

    Given how old it is, I doubt anyone but those building Chinese copies will care.
    And Samsung.

Join the discussion!

Trending Stories Right Now