Apple plays down iBoot iOS code leak

Apple has encouraged its customers to update to the newest software releases

Apple has moved to play down fears regarding a recent leak of the iBoot source code that forms a core part of iOS.

Initially it seemed as though Apple's much-vaunted security had been threatened by the unknown postage of portions of its source code for a critical iOS component to Github.

But now Cupertino has issued a statement acknowledging the leak but insisted that the security of their products didn't "depend upon the secrecy" of their source code.

Apple stated that the leaked source code was out-dated and encouraged customers to "update to the newest software releases to benefit from the latest protections".

The leaked code could enable hackers to find loopholes and exploits in Apple's trusted boot systems, which would then undermine the security of iOS entirely.

Security experts warned that though the leaked code was for the iOS 9, which is used only by about 7% of iOS devices, modern systems would still be vulnerable to attacks, as much of the components in iOS 9 can be found in the latest version of Apple mobile operating system.

Apple is highly protective of the code surrounding its devices' boot services, offering a bug bounty scheme that rewards people with $200,000 for identifying any potential flaws in their systems.

The leak of the source code had stirred concern; Andy Kays, CTO of the UK security firm Redscan noted: "Vendors relying excessively on code obfuscation to maintain the security of their products will always be vulnerable to leaks. Any provider that takes security seriously should always conduct rigorous threat modelling based on the assumption that source code will be exposed as some point and put in place appropriate controls to counter it."

However, he also pointed out that iPhone owners do not currently need to worry about any imminent security threats resulting from this leak. "Sensibly, Apple has taken other steps to improve the protection of its products, such as improving the security of copprocesses, so users of its latest devices don't need to be unduly concerned by the release of the iBoot firmware."

08/02/18: Apple's legendary security may be in serious trouble, after an unknown party posted portions of the source code for a critical iOS component to Github.

According to Motherboard, the section found on the code-sharing platform governs iOS' 'iBoot' function, which controls the operating system's trusted boot functionality and is a core part of how iOS remains so secure.

The leaked code could allow hackers to find loopholes and exploits in Apple's trusted boot systems, which could then be used to compromise the security of iOS as a whole. While the iBoot source code which appeared on Github was for iOS 9 rather than the most recent releases, security experts have warned that it could still be used to exploit modern systems as much of the code is likely to remain the same.

Although Apple expert Jonathan Levin told Motherboard that the code appears to be genuine based on what he has reverse engineered from iOS, it's still officially unconfirmed whether or not this is actually leaked code or merely a hoax. It's also not known whether the code was posted to Github accidentally, or whether it was a deliberate leak.

Apple is extremely protective of the code surrounding its devices' boot processes finding a flaw in one will net you the maximum payment of $200,000 that the company offers through its bug bounty scheme. It has also firmly eschewed making any part of its boot code open source, despite making certain parts of its source code freely available.

IT Pro contacted Apple for comment on the matter, but hadn't received a reply at the time of publication.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020
Ransomwiz lets you test your security with simulated ransomware
ransomware

Ransomwiz lets you test your security with simulated ransomware

21 Sep 2020

Most Popular

Unilever adopts Google Cloud’s complex data processing for conservation drive
big data analytics

Unilever adopts Google Cloud’s complex data processing for conservation drive

22 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020