Share:

iOS 9 Source Code Posted to GitHub in Unprecedented Leak [u]

Share:

Apple source code for iBoot, the part of iOS that ensures a trusted boot of the iPhone’s operating system, has purportedly been leaked to Github, giving hackers a deeper look at the inner workings of the Cupertino company’s closed garden.

According to a report from Motherboard, an anonymous user has uploaded what appears to be the source code of iBoot — the iOS secure bootloader — on GitHub, and all evidence suggests the code is authentic.

“This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, said. “It’s a huge deal.”

A link to the source code became viral last night on Twitter, and drew Apple’s attention, prompting the company to send a DMCA takedown request to GitHub to take down the repository. iOS experts who managed to grab a copy or had a chance to analyze it said the code is from iOS 9.3, released in March 2016.

The code is tied to iOS 9, but some aspects of it are likely still valid in iOS 11, the latest version of Apple’s mobile operating system. For so long, these codes have been well kept under wraps, as Apple has been very hesitant on sharing them openly with the public.

iBoot, in particular, is a highly critical component. In fact, users who find bugs or vulnerabilities in the bootup process can receive as much as $200,000 as part of the company’s bug bounty program, Motherboard reports.

The GitHub repositories containing the leaked iBoot source code have been taken down and replaced with a DMCA notice from one of Apple’s law firms, Kilpatrick Townsend & Stockton, which cites Apple‘s ownership. The DMCA takedowns have also been applied to over a dozen cloned iBoot repositories.

In a section explaining the reasons for the takedown and content type, the law firm says the notice covers “reproduction of Apple’s iBoot source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software. The iBoot source code is proprietary and it includes Apple’s copyright notice. It is not open source.”

While the leak will probably not have any widespread repercussions for the vast majority of Apple device users, it will be of interest to those who want to sift through firmware code looking for unexplored ways to fiddle with iPhones and iPads.

Update Feb. 8: Apple told CNET the following statement:

“Old source code from three years ago appears to have been leaked,” Apple said in a statement, “but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

Share: