Purported iOS iBoot source code leaks, potential security issue for iPhones

Share

The real pros who work for or with the NSA and other intelligence agencies probably reverse-engineered iOS 9 two years ago.

Source code for one of the core components of the iPhone operating system was leaked onto the internet yesterday via GitHub in what some are calling the biggest leak in history. iBoot is the code that loads the iOS and it runs first when the phone is turned on. Someone posted the code that is used to boot up iOS over on GitHub.

Specifically, the leaked code is for iOS 9.3, released in March 2016. However, it's likely that some people noticed the leak and have been working on discovering iOS vulnerabilities for months.

Justified actor Mickey Jones dies at 76
On the big screen his credits included Total Recall , National Lampoon's Vacation , Starman , Tin Cup and Sling Blade . He played the drums, working with artists including Trini Lopez, Johnny Rivers, Kenny Rogers, and The First Edition.

Apple is famous for keeping its code secret, but this leak might result in some headaches for the Cupertino tech giant. There are missing files so it can't be compiled, but hackers might still take advantage of this iPhone source code to find vulnerabilities in iOS and create jailbreaks.

It's not clear whether this leak poses any kind of security threat, as the same code has apparently been circulating privately among iOS researchers for some time, and was even posted on Reddit in the fall of 2017.

iBoot is the iOS code that ensures a secure boot by loading and checking that kernel is properly signed by Apple before running the OS.

Dow taking wild ride after largest single-day drop in history
On Monday, Jerome Powell, who has served on the Federal Reserve Board of Governors since 2012, was sworn in as the new Fed chair. The Dow plunged almost 666 points on Friday, marking its biggest one day plunge since June 2016 following the Brexit vote.

That said, it's unclear how much of the iOS 9-vintage code remains in the current iOS 11 and near-future iOS 12 iBoot process, nor how improvements to the secure enclave hardware may have mitigated risks to nearly all iOS devices now being sold. Apple considers iBoot to be such a critical part of iOS that it offers $200,000 for vulnerabilities, the most in its bug bounty program.

Although initially published to a repository on programming website GitHub, the code has now been replaced with a copyright notice - with some suggesting this may prove its authenticity. It is thus likely mostly a concern for users of older iOS devices lacking the "secure enclave", a hardware security feature found in all Touch ID devices since the iPhone 5s. GitHub took down the code soon after.

Mayweather Seriously Considering UFC Bout With McGregor
Despite White's comments, Mayweather has insisted he didn't commit to a rematch on McGregor's turf. He tried to file this name for trademark shortly after his fight with Floyd Mayweather .

Share