Science

Crucial iPhone source code leaks online

Crucial iPhone source code leaks online

Though the publication of iBoot was enthusiastically dubbed "the biggest leak in history" in the initial Motherboard report, the source code is believed to be from three-generations-old iOS 9.

According to Levin, the code looks real, as it matches the code he reverse engineered, Motherboard reported. The source code that was leaked online comes from the three-year-old iOS 9, though since it pertains the iPhone's boot process, it is likely still included in the latest version of Apple's mobile OS. However, that's no longer possible on new devices that have a Secure Enclave Processor on board.
The iBoot leak could bring back tethered jailbreaks too, the kind that require the phone to be connected to a computer when booting. The leak could pave way for hackers to identify vulnerabilities in the iOS and take advantage of it.

While the leak will probably not have any widespread repercussions for the vast majority of Apple device users, it will be of interest to those who want to sift through firmware code looking for unexplored ways to fiddle with iPhones and iPads.

'Game of Thrones' Creators To Write, Produce New 'Star Wars' Series
So if you're tracking Disney's cinematic march forward (cue John Williams and the peal of trumpets), you can see that our screens will be practically overlapping with fresh Lucasfilm fare.

It's not clear whether this leak poses any kind of security threat, as the same code has apparently been circulating privately among iOS researchers for some time, and was even posted on Reddit in the fall of 2017. It's very likely some of that code is still in iOS 11, which makes the leak a potential treasure trove for hackers, security researchers, and governments hoping to find exploits into iPhone and iPad encrypted data.

Apple's iBoot code ensures a secure boot into iOS by loading and checking that the kernel is properly signed before fully loading up. Although the leak is from iOS 9.3, which is nearly two-years-old, some of the code from iOS 9 likely still exists in iOS 11.2.5. Apple considers iBoot to be such a critical part of iOS that it offers $200,000 for vulnerabilities, the most in its bug bounty program.

This development can lead to compromising or jailbreaking of iOS-powered devices. The code includes Apple's copyright notice - which was clearly visible when it was uploaded on GitHub.