Sunday, 22 July 2018
Latest news
Main » Apple confirms iPhone source code leak

Apple confirms iPhone source code leak

11 February 2018
Apple confirms iPhone source code leak

Though iOS 9 is a dated version of the company's mobile operating system, it's possible that the leaked code could be used to jailbreak older devices or worse.

What makes this is so interesting - and potentially frightening - is that security researchers and hackers alike will scan through the code to try and find inherent flaws in it. Rusty Carter, VP of Product at Arxan Technologies commented below.

The leak first occurred some time ago, when a portion of source code associated with the iOS bootloader was posted in a repository on GitHub. "But the leak of this source code is proof that no environment or OS is infallible, and application protection from within the application itself is crucial, especially for business-critical, data-sensitive applications", says Carter. It's not yet known who leaked the code and what their motives for leaking it was. "[iBoot] is responsible for ensuring trusted boot operation of Apple's ioS software". The leaker hoped that the code would help the jailbreaking community circumvent Apple's notoriously hard to crack walled-garden mobile operating system.

After the first leak incident, Motherboard, a media outlet, anonymously got in touch with one of the five friends who first accessed the code. "Having the iBoot source code and not being inside Apple ... that's unheard of".

According to Apple, 93% of its users are using iOS 10 or above.

Apple has now confirmed the code was real, but said the incident would not affect the security of its devices as it did not rely on secrecy around code to protect its devices. In any case, Apple will have enough time to secure things up and might issue a patch to cover any risks posed by the leak. It is also a big deal because Apple has a bug bounty program in place that pays up to $200,000 for iBoot vulnerabilities. There are also concerns it could uncover new security vulnerabilities in iOS, which may be found by attackers.

"There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections", the statement from Apple read. Despite this danger, Apple has clarified that the source code was from the iOS 9 version, but did say that some iOS 11 aspects might still be affected.

Cyber-security expert Prof Alan Woodward, from the University of Surrey, said it was "extraordinary" that the code had been leaked.

Strafach echoed Apple's sentiment that the security of iOS devices doesn't depend on obscurity.