Apple says DON'T fear about leaked source code - experts say DO

Apple throws take-down notice at GitHub to remove leaked iBoot code

Apple throws take-down notice at GitHub to remove leaked iBoot code

Apple is in the middle of a serious security scare after the source code for iBoot was anonymously posted on GitHub.

In a statement provided to our sister site CNET, Apple said that the code was three years old, and is only one part of its approach to security. The post claims that the source code is for Apple's older iOS 9 operating system; however, tech experts believe parts of that code are likely still being used in the current iOS 11 system. That source code represents one of the iPhone's many secrets, something that Apple doesn't share with others. It's too early to say whether the iBoot leak will have any impact on the security of iOS devices going forward.

It said it always encouraged customers to keep up to date with operating system upgrades. That said, iBoot is highly sensitive code, and Apple apparently pays up to $200,000 under its bug bounty program to anyone who discovers bugs in the boot up procedure. According to Apple, over 93% of the users are already on the latest platform.

Apple iOS and MacOS specialist Jonathan Levin told the website that the iBoot posting is "the biggest leak in history". "For example, configure a complicated login to the account, using filters by IP address and two-factor authentication, leave the number of bank cards stored on your iPhone to a minimum and don't store critically important data on the device". "It is considered confidential and proprietary". Arxan Technologies VP of product, Rusty Carter says iBoot's leak could potentially allow hackers to find security holes in the smartphone, enabling them to analyse Apple's code, replicating and manipulating it for malicious goal.

It loads, verifies that the kernel - the "heart" of the operating system's code - is actually signed by Apple, and then executes the code and takes you to the lock screen.

The access to iBoot's code may have several implications; it could allow researchers to find vulnerabilities in the systems more easily, but it might also open the door to less benevolent hackers willing to exploit the hole.

Levin said the code appears to be the real iBoot code because it aligns with code he reverse engineered himself.

"But Apple should be anxious because if somebody has got hold of that, what else have they got?"

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.