Purported iOS iBoot source code leaks, potential security issue for iPhones

Share

The real pros who work for or with the NSA and other intelligence agencies probably reverse-engineered iOS 9 two years ago.

Source code for one of the core components of the iPhone operating system was leaked onto the internet yesterday via GitHub in what some are calling the biggest leak in history. iBoot is the code that loads the iOS and it runs first when the phone is turned on. Someone posted the code that is used to boot up iOS over on GitHub.

Specifically, the leaked code is for iOS 9.3, released in March 2016. However, it's likely that some people noticed the leak and have been working on discovering iOS vulnerabilities for months.

Winter Weather Advisory in effect Sunday morning, could affect mid-morning drive
Skies are to begin clearing on Wednesday with temperatures in the region expected to reach the upper 30s to mid-40s. There may be a transition back to light snow/freezing rain before the system moves out of the area.

Apple is famous for keeping its code secret, but this leak might result in some headaches for the Cupertino tech giant. There are missing files so it can't be compiled, but hackers might still take advantage of this iPhone source code to find vulnerabilities in iOS and create jailbreaks.

It's not clear whether this leak poses any kind of security threat, as the same code has apparently been circulating privately among iOS researchers for some time, and was even posted on Reddit in the fall of 2017.

iBoot is the iOS code that ensures a secure boot by loading and checking that kernel is properly signed by Apple before running the OS.

ICC opens preliminary probes into Philippines, Venezuela crimes
In his complaint, Sabio named as respondents Duterte, Speaker Pantaleon Alvarez, former Interior Secretary Ismael Sueno, Sen. Mr Duterte dared the court to bring him to trial and said he would rot in jail to save Filipinos from crime and drugs.

That said, it's unclear how much of the iOS 9-vintage code remains in the current iOS 11 and near-future iOS 12 iBoot process, nor how improvements to the secure enclave hardware may have mitigated risks to nearly all iOS devices now being sold. Apple considers iBoot to be such a critical part of iOS that it offers $200,000 for vulnerabilities, the most in its bug bounty program.

Although initially published to a repository on programming website GitHub, the code has now been replaced with a copyright notice - with some suggesting this may prove its authenticity. It is thus likely mostly a concern for users of older iOS devices lacking the "secure enclave", a hardware security feature found in all Touch ID devices since the iPhone 5s. GitHub took down the code soon after.

Snow and ice yellow warnings issued across Scotland
Snow showers have settled in parts of the United Kingdom as the mercury continued to plunge below freezing overnight. But the evening will see the weather drop to freezing and below, with the chill expected to last all weekend.

Share