Advertisement

Crucial iPhone source code posted in unprecedented leak (updated)

Apple took it down via a DMCA, but the iBoot code is now in the wild.

Photothek via Getty Images

Critical, top secret Apple code for the iPhone's operating system was posted on Github, opening a new, dangerous avenue for hackers and jailbreakers to access the device, Motherboard reported. The code, known as "iBoot," has since been pulled, but Apple may have confirmed it was the real deal when it issued a DMCA takedown to Github, as Twitter user @supersat noted.

iBoot is the iOS code that ensures a secure boot by loading and checking that kernel is properly signed by Apple before running the OS. The version that was posted to Github, and brought to the attention of the community by a Twitter user named @q3hardcore, was for iOS 9, but much of it likely still exists in the latest version, iOS 11.

The code can't be compiled because certain files are missing, but researchers and hackers who know what to look for could probe it for vulnerabilities. "This is huge," author and security researcher Jonathan Levin said. "The leaked sources of iBoot ... bring us closer to a truly liberated iOS booted on generic arm boards and/or emulator," he added on Twitter. Levin and other security researchers believe the code is the real deal.

iPhones used to be relatively easy to jailbreak before Apple introduced the "secure enclave co-processor" with the TouchID of the iPhone 5s. Now, it's nearly impossible for hackers to even find bugs in iOS code, making iOS exploits relatively rare, unlike in Windows and Android. As such, the iBoot leak is exposing code that hardly anyone has seen before.

The iBoot dump first appeared last year on Reddit, but received little notice from the security community until it hit Github. Apple considers iBoot to be such a critical part of iOS that it offers $200,000 for vulnerabilities, the most in its bug bounty program. That means the release of the source code could amount to a gold rush for many researchers.

Update: Motherboard quoted Jonathan Levin as calling the code posting "the biggest leak in in history," but Levin clarified on Twitter that he never actually said that. Nonetheless, he did say that "this is huge." The article has been updated with the correct information.

Update, 2/8/18 1:30PM ET: Apple has given Engadget the following statement:

"Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections."

Update, 2/8/18 5:30PM ET: Twitter user @q3hardcore didn't post the GitHub leak, but merely brought it to the attention of the community. The post has been updated with the correct information.