iOS source code leak could be the worst Apple’s ever had to deal with
8 February 2018 | 0
Apple is used to fighting leaks about its upcoming products and OS releases, but it’s never had to deal with anything like this before. An anonymous user on the popular code-sharing server GitHub has posted a major component of the iOS source code for all to see, and some experts are fearing it could be “the biggest leak in history”.
As first reported by Motherboard, the leaked code has since been pulled off the site but not before countless people were surely able to get their hands on it. Apple was forced to use the Digital Millennium Copyright Act to get the code taken down, and as UW research scientist Karl Koscher mused on Twitter, the law essentially force Apple to admit that the code was real or else face perjury charges.
The code in question is for a version of iOS 9.3, which was released in spring 2016 and brought features such as Night Shift and various other improvements. The portion of the code that leaked is called iBoot, and as its name suggests, it controls the trusted boot-up process that springs into action every time you start up your iPhone.
While the leak is certainly embarrassing, it could also be dangerous. Apple’s boot process is the most essential part of its iOS code, providing front-line protection against malware and other attacks. It’s so sensitive, in fact, that Apple shells out up to $200,000 to developers who find vulnerabilities, according to reports on the invitation-only programme.
While the code is for a two-year-old OS, it’s likely that parts of it are still in use in the latest version of iOS 11. The most likely use for the iBoot code would be for creating jailbroken versions of iOS, but intimate knowledge of iOS’s source code could benefit hackers as well, as it provides an unprecedented look at how the iOS sausage is mode. By digging through the source code, malicious coders could spot vulnerabilities and inconsistencies in the code that could be used to attack all version of iOS, not just 9.3.
For the average user, there probably isn’t much to fear, at least not yet. To attack your phone using anything discovered in the iBoot leak, a hacker would likely need physical access to your phone and a bit of time to install a new OS on it. However, it does mean that hackers will be hard at work to find exploits in the code, as well as designers looking to emulate the iOS system. And it’s just one more embarrassing security story Apple has to deal with.
IDG News Service