Apple source code for a core component of iPhone’s operating system has purportedly been leaked on GitHub, which could allow hackers as well as also researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware as well as also iPhone jailbreaks.
The source code appears to be for iBoot—the critical part of the iOS operating system which’s responsible for all security checks as well as also ensures a trusted variation of iOS is usually loaded.
In different words, which’s like the BIOS of an iPhone which makes sure which the kernel as well as also different system files being booted whenever you turn on your iPhone are adequately signed by Apple as well as also are not modified anyhow.
The iBoot code was initially shared online several months back on Reddit, although which just resurfaced today on GitHub (repository today unavailable due to DMCA takedown). Motherboard consulted some security experts who have confirmed the legitimacy of the code.
However, at which moment, which is usually unclear if the iBoot source code is usually completely authentic, who is usually behind which significant leak, as well as also how the leaker managed to get his/her hands on the code within the first place.
The leaked iBoot code appears to be by a variation of iOS 9, which signifies which the code is usually not entirely relevant to the latest iOS 11.2.5 operating system, although some parts of the code by iOS 9 are likely still used by Apple in iOS 11.
“which is usually the SRC for 9.x. Even though you can’t compile which due to missing files, you can mess with the source code as well as also find vulnerabilities as a security researcher. which also contains the bootrom source code for certain devices…,” a security expert said on Twitter.
The leaked source code is usually being cited as “the biggest leak in history” by Jonathan Levin, the author of several books on iOS as well as also macOS internals. He says the leaked code seems to be the real iBoot code as which matches with the code he reverse-engineered himself.
Apple has open sourced some portions of macOS as well as also iOS in recent years, although the iBoot code has been carefully kept private.
As Motherboard points out, the company treats iBoot as integral to the iOS security system as well as also classifies secure boot components as a top-tier vulnerability in its bug bounty program, offering $200,000 for each reported vulnerability.
Therefore, the leaked iBoot code can pose a serious security risk, allowing hackers as well as also security researchers to dig into the code to hunt for undisclosed vulnerabilities as well as also write persistent malware exploits like rootkits as well as also bootkits.
Moreover, jailbreakers could find something useful by the iBoot source code to jailbreak iOS as well as also come up which has a tethered jailbreak for iOS 11.2 as well as also later.
which is usually worth noting which newer iPhones as well as also different iOS devices ship with Secure Enclave, which protects against some of the potential issues which come with the leaked iBoot source code. So, I actually doubt which the leaked code will be of much help.
Apple has yet to comment on the recent leak, though Github has already disabled the repository which was hosting the iBoot code after the company issued a DMCA takedown notice. However, the code is usually already out there.
We will update the article if we learn more.