Apple plays down iBoot iOS code leak

Apple has encouraged its customers to update to the newest software releases

Apple has moved to play down fears regarding a recent leak of the iBoot source code that forms a core part of iOS.

Initially it seemed as though Apple's much-vaunted security had been threatened by the unknown postage of portions of its source code for a critical iOS component to Github.

Advertisement - Article continues below

But now Cupertino has issued a statement acknowledging the leak but insisted that the security of their products didn't "depend upon the secrecy" of their source code.

Apple stated that the leaked source code was out-dated and encouraged customers to "update to the newest software releases to benefit from the latest protections".

The leaked code could enable hackers to find loopholes and exploits in Apple's trusted boot systems, which would then undermine the security of iOS entirely.

Security experts warned that though the leaked code was for the iOS 9, which is used only by about 7% of iOS devices, modern systems would still be vulnerable to attacks, as much of the components in iOS 9 can be found in the latest version of Apple mobile operating system.

Apple is highly protective of the code surrounding its devices' boot services, offering a bug bounty scheme that rewards people with $200,000 for identifying any potential flaws in their systems.

Advertisement - Article continues below
Advertisement - Article continues below

The leak of the source code had stirred concern; Andy Kays, CTO of the UK security firm Redscan noted: "Vendors relying excessively on code obfuscation to maintain the security of their products will always be vulnerable to leaks. Any provider that takes security seriously should always conduct rigorous threat modelling based on the assumption that source code will be exposed as some point and put in place appropriate controls to counter it."

However, he also pointed out that iPhone owners do not currently need to worry about any imminent security threats resulting from this leak. "Sensibly, Apple has taken other steps to improve the protection of its products, such as improving the security of copprocesses, so users of its latest devices don't need to be unduly concerned by the release of the iBoot firmware."

08/02/18: Apple's legendary security may be in serious trouble, after an unknown party posted portions of the source code for a critical iOS component to Github.

Advertisement - Article continues below

According to Motherboard, the section found on the code-sharing platform governs iOS' 'iBoot' function, which controls the operating system's trusted boot functionality and is a core part of how iOS remains so secure.

The leaked code could allow hackers to find loopholes and exploits in Apple's trusted boot systems, which could then be used to compromise the security of iOS as a whole. While the iBoot source code which appeared on Github was for iOS 9 rather than the most recent releases, security experts have warned that it could still be used to exploit modern systems as much of the code is likely to remain the same.

Although Apple expert Jonathan Levin told Motherboard that the code appears to be genuine based on what he has reverse engineered from iOS, it's still officially unconfirmed whether or not this is actually leaked code or merely a hoax. It's also not known whether the code was posted to Github accidentally, or whether it was a deliberate leak.

Advertisement - Article continues below

Apple is extremely protective of the code surrounding its devices' boot processes finding a flaw in one will net you the maximum payment of $200,000 that the company offers through its bug bounty scheme. It has also firmly eschewed making any part of its boot code open source, despite making certain parts of its source code freely available.

IT Pro contacted Apple for comment on the matter, but hadn't received a reply at the time of publication.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



How to delete apps on Android and iOS

6 Jul 2020

The New York Times ends partnership with Apple News

1 Jul 2020

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020