Skip to content

February 8, 2018

Crucial iPhone source code posted in unprecedented leak

by John_A

Critical, top secret Apple code for the iPhone’s operating system was posted on Github, opening a new, dangerous avenue for hackers and jailbreakers to access the device, Motherboard reported. The code, known as “iBoot,” has since been pulled, but Apple may have confirmed it was the real deal when it issued a DMCA takedown to Github, as Twitter user @supersat noted.

iBoot is the iOS code that ensures a secure boot by loading and checking that kernel is properly signed by Apple before running the OS. The version that was posted to Github, supposedly by a Twitter user named @q3hardcore, was for iOS 9, but much of it likely still exists in the latest version, iOS 11.

Fun thing about the DMCA: it required Apple to state, under penalty of perjury, that the iBoot source code was legit: https://t.co/PKHZqcEe6h

— Karl (@supersat) February 8, 2018

The code can’t be compiled because certain files are missing, but researchers and hackers who know what to look for could probe it for vulnerabilities. “This is the biggest leak in history,” author and security researcher Jonathan Levin told Motherboard. “The leaked sources of iBoot … bring us closer to a truly liberated iOS booted on generic arm boards and/or emulator,” he added on Twitter. Levin and other security researchers believe the code is the real deal.

iPhones used to be relatively easy to jailbreak before Apple introduced the “secure enclave co-processor” with the TouchID of the iPhone 5s. Now, it’s nearly impossible for hackers to even find bugs in iOS code, making iOS exploits relatively rare, unlike in Windows and Android. As such, the iBoot leak is exposing code that hardly anyone has seen before.

The iBoot dump first appeared last year on Reddit, but received little notice from the security community until it hit Github. Apple considers iBoot to be such a critical part of iOS that it offers $200,000 for vulnerabilities, the most in its bug bounty program. That means the release of the source code could amount to a gold rush for many researchers.

Via: Motherboard

Source: Github

Advertisements
Read more from News

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

%d bloggers like this: