Secret source code for the iPhone’s operating system was posted on the site Github in what could be one of the biggest Apple leaks ever. The leaked source code is that of the the iBoot code that ensures the booting cycle is signed by Apple.
First reported by Motherboard, the iBoot code appeared in Github. In an effort to have the code taken down, Apple filed a DMCA takedown, and in the process inadvertently confirming the code’s legitimacy. To get the DMCA, Apple had to sign under penalty of perjury that the code was in fact legit.
The purpose of the iBoot code is to ensure a secure boot and to check the kernel is signed by Apple. The version of the code that was leaked was for iOS 9, but a lot of the elements of the code are still used in iOS 11.
As a result of the leak, this may give hackers the ability to find new vulnerabilities. But it’s not definitive at the moment, as some portions of the code necessary to find these vulnerabilities are missing.
Beyond just the iBoot code, the leak also included a document directory that provides more information about iBoot, reports Redmond Pie. This opens the door to access the bootrom source code.
This is no small matter for Apple. It considers the iBoot source code to be extremely important, offering a bug bounty of $200,000 for iBoot, the biggest sum as part of its bug bounty program.
Apple responded to the leak in a statement to CNET downplaying the leak.
Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.
That was expected on Apple’s part as it tries to minimize the ramifications of the leak. It is right that it has implemented multiple layers of safeguards with newer updates against security flaws, but doesn’t completely quell worries of the leak yet.
We won’t know the full implications of the iBoot source code leak for some time. It may come to nothing or some hackers could exploit a flaw leading to some serious issues.