Source code for the Apple iPhone boot system has somehow made its way onto GitHub. Titled “iBoot”, the code is the first thing to load when an iPhone starts up; acting like the BIOS of the phone. Needless to say, having this code could offer many new opportunities for security professionals and cybercriminals alike.
The code itself seems to be taken from iOS 9, and elements of it are presumably still in use with the current version of the operating system. Of course, there is no way of telling just how much of this code is still relevant right now. Since Apple has been extremely wary about releasing any sort of code to the public.
That said, having access to the boot code for iOS could potentially allow them to be jailbroken once again. Liberating iPhones used to be a big thing for users who preferred to sideload their own apps; and went away with the introduction of the Secure Enclave with the iPhone 5S.
Apple, on its part, has downplayed the effect that the leak will have on iPhones. The company told Engadget that it doesn’t rely on source code secrecy to protect its device. Rathter, the security comes from multiple layers of hardware and software protection.
Despite this, Apple has dropped a DMCA takedown notice on GitHub to get the code removed from the public eye. For its part, GitHub has complied with the request. Although, that doesn’t mean that the leak has been shut down. This is, after all, the internet.
Curiously, the iBoot code surfaced last year on Reddit; where it failed to get much attention from anyone. It looks like the posting to GitHub is what got Apple to notice. Which means that people – good and bad – are likely to have been working on potential vulnerabilities for a lot longer than just a couple of days.
[Source: Motherboard, Engadget]
