IBoot source download: Apple hits biggest leak ever with DCMA

Feb 09, 2018, 01:56
IBoot source download: Apple hits biggest leak ever with DCMA

Even Apple might have had to inadvertently confirm the authenticity of this leak when it sent a legal DMCA notice to get GitHub to take down the code.

As reported by Motherboard, certain "key" iOS source code was recently published on Github for the world to see. Now, it's almost impossible for hackers to even find bugs in iOS code, making iOS exploits relatively rare, unlike in Windows and Android. The company launched its bug bounty program in 2016, and flaws in secure boot firmware components were valued at up to $200,000. You can imagine the damage hackers can do to iPhone users if they find some nice little holes in iBoot thanks to the leak.

iBoot loads and verifies that the kernel is properly signed by Apple before executing it.

As ever, Apple recommends updating the latest version of iOS to ensure current security fixes are in place. "It's a huge deal".

He continued on to suggest that the code appeared to be real iPhone source code because it aligned with the code he had reverse engineered himself.

Even though the software is about two years old, and most iPhones now run iOS 11, the iOS 9 code contained the secret instructions that boot an iPhone (called "iBoot" by some), which may not have changed much in the interim. Security researchers told the publication their checks show the code is legit and really is part of iOS 9. Apple hasn't commented on the matter as yet.

Apple has since requested GitHub take down the code under a copyright claim, but it's likely that the code has been stored and shared widely online in the hours it was available.

Though iPhone users are not at immediate risk following the leak, security experts have warned that hackers could develop ways to recreate the code and alter it for their own malicious purposes in the future. "It is not open-source". For so long, these codes have been well kept under wraps, as Apple has been very hesitant on sharing them openly with the public. iBoot, in particular, is a highly critical component. These days, modders are more likely to sell the exploit than release it for free to the jailbreak community.