APPLE HAS THROWN a takedown notice in the direction of GitHub after source code for iBoot, one of the core components of iOS, was posted to the code-sharing website.
Responsible for launching a trusted boot of iOS, iBoot is the first program that gets kicked into action every time an iPhone is turned on. It ensures that the mobile OS’s kernel is approved by Apple and legitimate for use on an iPhone or iPad.
Apple keeps code like this firmly under lock and key and probably a few immaculately designed booby traps, as it’s essential to the core functionality of iOS.
The code leaked onto GitHub claims to be designed for iOS 9 but parts of it are likely to be found in iOS 11, making the leak potentially dangerous to Apple’s mobile software.
Access to such source code is one way for security researchers to find flaws in it and report any bugs it might throw up that could be exploited by hackers.
However, making the code public could allow intrepid hackers to sniff around in iBoot and find their own vulnerabilities, only instead of reporting them to Apple, they could tap into the flaws and use them as vectors of attack against iOS.
The iBoot source code could also enable programmers to eventually find a way to emulate iOS on devices other than iPhones and iPads, which would be a big thorn in Apple’s closed ecosystem approach.
Lawyers acting on behalf of Apple on Thursday described the leak as a “reproduction of Apple’s iBoot source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software.”
The takedown request said that “the iBoot source code is proprietary and it includes Apple’s copyright notice. It is not open source.”
“Old source code from three years ago appears to have been leaked,” said Apple in a statement. “But by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
iOS and macOS specialist Jonathan Levin told Motherboard this week that the iBoot posting is “the biggest leak in history”.
“iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image,” he said. “And now it’s wide open in source code form”.
Source: Inquirer