Apple plays down iBoot iOS code leak

Apple has encouraged its customers to update to the newest software releases

Apple has moved to play down fears regarding a recent leak of the iBoot source code that forms a core part of iOS.

Initially it seemed as though Apple's much-vaunted security had been threatened by the unknown postage of portions of its source code for a critical iOS component to Github.

But now Cupertino has issued a statement acknowledging the leak but insisted that the security of their products didn't "depend upon the secrecy" of their source code.

Apple stated that the leaked source code was out-dated and encouraged customers to "update to the newest software releases to benefit from the latest protections".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The leaked code could enable hackers to find loopholes and exploits in Apple's trusted boot systems, which would then undermine the security of iOS entirely.

Security experts warned that though the leaked code was for the iOS 9, which is used only by about 7% of iOS devices, modern systems would still be vulnerable to attacks, as much of the components in iOS 9 can be found in the latest version of Apple mobile operating system.

Apple is highly protective of the code surrounding its devices' boot services, offering a bug bounty scheme that rewards people with $200,000 for identifying any potential flaws in their systems.

The leak of the source code had stirred concern; Andy Kays, CTO of the UK security firm Redscan noted: "Vendors relying excessively on code obfuscation to maintain the security of their products will always be vulnerable to leaks. Any provider that takes security seriously should always conduct rigorous threat modelling based on the assumption that source code will be exposed as some point and put in place appropriate controls to counter it."

However, he also pointed out that iPhone owners do not currently need to worry about any imminent security threats resulting from this leak. "Sensibly, Apple has taken other steps to improve the protection of its products, such as improving the security of copprocesses, so users of its latest devices don't need to be unduly concerned by the release of the iBoot firmware."

08/02/18: Apple's legendary security may be in serious trouble, after an unknown party posted portions of the source code for a critical iOS component to Github.

Advertisement - Article continues below

According to Motherboard, the section found on the code-sharing platform governs iOS' 'iBoot' function, which controls the operating system's trusted boot functionality and is a core part of how iOS remains so secure.

The leaked code could allow hackers to find loopholes and exploits in Apple's trusted boot systems, which could then be used to compromise the security of iOS as a whole. While the iBoot source code which appeared on Github was for iOS 9 rather than the most recent releases, security experts have warned that it could still be used to exploit modern systems as much of the code is likely to remain the same.

Although Apple expert Jonathan Levin told Motherboard that the code appears to be genuine based on what he has reverse engineered from iOS, it's still officially unconfirmed whether or not this is actually leaked code or merely a hoax. It's also not known whether the code was posted to Github accidentally, or whether it was a deliberate leak.

Apple is extremely protective of the code surrounding its devices' boot processes finding a flaw in one will net you the maximum payment of $200,000 that the company offers through its bug bounty scheme. It has also firmly eschewed making any part of its boot code open source, despite making certain parts of its source code freely available.

IT Pro contacted Apple for comment on the matter, but hadn't received a reply at the time of publication.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/business-strategy/33311/apple-launches-new-tv-gaming-and-finance-services
Business strategy

Apple launches new TV, gaming and finance services

25 Mar 2019
Visit/hardware/33929/jony-ive-a-retrospective
Hardware

Jony Ive: A retrospective

29 Nov 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Visit/hardware/34606/apple-ipad-102in-2019-review-the-ipad-grows-up
Hardware

Apple iPad 10.2in (2019) review: The iPad grows up

10 Oct 2019

Most Popular

Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/security/vulnerability/354309/patch-issued-for-critical-windows-bug
vulnerability

Patch issued for critical Windows bug

11 Dec 2019
Visit/business/business-strategy/354304/ex-apple-cpu-architect-accuses-the-firm-of-invading-privacy
Business strategy

Ex-Apple CPU architect accuses the firm of invading privacy

10 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019