IPhone iBoot Source Code Leaked Online Sparking Security Headache For Apple

Share

Apple would appear to have sent a DCMA takedown notice to Github, where the code was leaked, this indicating the code posted was of some large outcome.

Flaws in older versions of iBoot have been leveraged by hackers to compromise the iPhone's security, but users have also relied on the vulnerabilities for jailbreaking. But in a move that some Mac and iOS experts are calling the "the biggest leak in history", an unknown source appears to have laid bare parts of the iPhone's critical boot code on Github. It's the first thing that runs when you turn on your iPhone. It starts its process and verifies that the kernel is properly signed by Apple, at which point it executes the bootup process. And that's likely the case with iBoot, where the merely curious and those interested in discovering valuable vulnerabilities in Apple's code have surely downloaded the source code.

The Pixel Visual Core, explained
So basically Google is extending its photo processing capabilities to popular photography, social media, and camera apps as well. When the Pixel 2 (particularly the XL version) started to go wrong, Google responded by offering a warranty extension.

Oil prices fall on strong dollar, Brent near one-month low
USA government data last week showed output climbed above 10 million barrels per day in November for the first time since 1970. But rising USA shale production, evidenced by increased drilling activity, has started to weigh on crude, analysts say.

PM proclaims innocence as police said 'unanimous' on proposing bribery charges
Ynet reported that police are split on whether they have evidence to bring charges against Netanyahu on that that case. The feud comes as local media are reporting that police plan to recommend indicting the Premier as early as next week.

According to Motherboard, a few hours after the story broke, Apple sent a DMCA legal notice demanding GitHub take down the iBoot code. These types of jailbreaks used to be common on older versions of iOS, but as Apple has increased the security of their operating system with features such as the Secure Enclave Process chip, it's been more and more hard to unlock phones in this manner. "Apple does not use security through obscurity, so this does not contain anything risky, just an easier to read format for the boot loader code".

The Reddit user who posted the code was relatively new to the website, so the code was subsequently buried relatively quickly. However, security researcher Jonathan Levin confirms the code is the real deal as it matches some iBoot code he himself has reverse engineered. The code includes Apple's copyright notice - which was clearly visible when it was uploaded on GitHub. The semi-good news it that Apple filed a take down request with GitHub and the code is down now. "It is not open-source". However, Apple hasn't officially commented on the leak yet and thus the final authenticity remains unproven. It's likely we'll see some changes in the source code moving forward in order to address some of the damage that is now possible at the hands of enterprising hackers.

Share