Apple Confirms iBoot Source Code Leak is Real, Downplays Significance

Share

Apple Confirms iBoot Source Code Leak is Real, Downplays Significance

A part of the source code for iOS was published by an anonymous user on the web-based hosting service, GitHub that is primarily used by developers to share code with one another.

The move by Apple would seem to confirm the authenticity of the code, according to reports. Apple would appear to have sent a DCMA takedown notice to Github, where the code was leaked, this indicating the code posted was of some large effect.

iBoot is described as the BIOS of the iPhone and is responsible for loading and verifying that the kernel is signed by Apple and then executes that kernel. Not really. The leaked source code will benefit low-level black-hat hackers who will be looking through it for security flaws, but they'll be in an arms race with white-hat hackers doing the same with the intent to fix flaws and/or cash in on Apple's bug bounties. The code is known as "iBoot", and as you would imagine, Apple has been wrangling with DMCA takedown notices since.

As Macrumors points out, modern iOS devices have Secure Enclave processor protection, which hardens device security. Another security researcher says the code is real. Apple has yet to comment on the issue.

Levin also said that info gleaned from this leak could help bring back the possibility of tethered jailbreaks, which have been nearly impossible to perform due to all the security on recent iPhones. But such a hypothetical vulnerability is unlikely to allow an attacker to bypass the cryptographic security on the iOS device itself, so it may be of less use to individuals trying to bypass a phone owner's password or PIN. It's likely we'll see some changes in the source code moving forward in order to address some of the damage that is now possible at the hands of enterprising hackers. The repository has been removed, but there is still potential for damage to be done with the code. Levin told Motherboard that the leak meant tethered jailbreaks, which require the iPhone to be connected to a computer when booting, could soon return for regular users. Apple is probably going to be working overtime for the foreseeable future to deal with the fallout from this leak.

Share

Advertisement

© 2015 Leader Call. All Rights reserved.