iPhone iBoot Source Code Leaked Online Sparking Security Headache For Apple
Apple is not happy at all today with some of its critical source code having been posted online for the world to see. Source code for iBoot, one of the key components in iOS that runs iPhones and iPads, was posted on GitHub. The leak of such proprietary and confidential software could make it easier for hackers to find and exploit flaws in the operating system.
The leak could also make it easier for security researchers to find and report flaws to Apple. Apple, like many major companies, has a bug bounty program and for anyone who finds a fault in the boot process, the payout could be as much as $200,000. The code that found its way to GitHub is responsible for ensuring that a trusted boot of the operating system is performed. This is the very first program that runs when a user powers up their iPhone.
iBoot is described as the BIOS of the iPhone and is responsible for loading and verifying that the kernel is signed by Apple and then executes that kernel. The version of iBoot that leaked is labeled as being for iOS 9. Apple's mobile device currently run iOS 11, but experts report that it is likely that some of the same code is still in use on the latest version of iOS.
Jonathan Levin, an author who penned a book series on iOS and Mac OS X, told Motherboard, "This is the biggest leak in history. It’s a huge deal."
Levin notes that the code appears to be real, a claim he bases on some code he reverse engineered himself. Apple has made no comment on the leak, but you can bet it is using all its muscle to find who leaked the code and punish them thoroughly. Apple released iOS 11.3 Beta 2 yesterday bringing with it new battery monitoring features.