Apple confirms massive iOS leak but says it's not so bad

Apple confirms massive iOS leak but says it's not so bad

Apple confirms massive iOS leak but says it's not so bad

If you're running an older iPhone or iPad that's stuck on iOS 9, then you need to plan some sort of escape strategy following this week's leak of Apple's iBoot source code to GitHub. By doing so, it added, Apple "indirectly confirmed that the code was real".

According to Motherboard, the intern who stole the code took it and distributed it to a small group of five friends in the iOS jailbreaking community in order to help them with their ongoing efforts to circumvent Apple's locked down mobile operating system.

The same code was posted four months ago on Reddit, although that link has also been taken down.

Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, called the leak "huge", speculating the code is now making rounds in the underground iOS jailbreaking community. The leak involves proprietary information that Apple works hard to keep secret.

"However, this is a big blow to iOS security as iBoot is critical to the secure boot process on the phone", Spanier continued. The source code appears to be for the iOS 9 version of iBoot, a stage 2 bootloader that verifies a device's iOS kernel and enables operation in Recovery Mode. However, Apple did not explain how the source code ended up being exposed to the public.

"Vendors relying excessively on code obfuscation to maintain the security of their products will always be vulnerable to leaks".

Apple, for its part, continues to downplay the severity of the current leak. That's applies to this case in particular, since the leaked source code is said to contain documentation. "By design the security of our products doesn't depend on the secrecy of our source code", it said in a statement following Wednesday's distribution on GitHub. Microsoft warned at the time that anyone who searching for or sharing such code was engaging in illegal activity, and sent letters to that effect to people who had downloaded the code. Most of the code leaked has likely already been replaced by new builds of iOS 10 and iOS 11. "Where exactly it came from, no one is sure for now".

Related news