IBoot source download: Apple hits biggest leak ever with DCMA

Feb 09, 2018, 01:56
IBoot source download: Apple hits biggest leak ever with DCMA

Even Apple might have had to inadvertently confirm the authenticity of this leak when it sent a legal DMCA notice to get GitHub to take down the code.

As reported by Motherboard, certain "key" iOS source code was recently published on Github for the world to see. Now, it's almost impossible for hackers to even find bugs in iOS code, making iOS exploits relatively rare, unlike in Windows and Android. The company launched its bug bounty program in 2016, and flaws in secure boot firmware components were valued at up to $200,000. You can imagine the damage hackers can do to iPhone users if they find some nice little holes in iBoot thanks to the leak.

iBoot loads and verifies that the kernel is properly signed by Apple before executing it.

As ever, Apple recommends updating the latest version of iOS to ensure current security fixes are in place. "It's a huge deal".

He continued on to suggest that the code appeared to be real iPhone source code because it aligned with the code he had reverse engineered himself.

Even though the software is about two years old, and most iPhones now run iOS 11, the iOS 9 code contained the secret instructions that boot an iPhone (called "iBoot" by some), which may not have changed much in the interim. Security researchers told the publication their checks show the code is legit and really is part of iOS 9. Apple hasn't commented on the matter as yet.

Apple has since requested GitHub take down the code under a copyright claim, but it's likely that the code has been stored and shared widely online in the hours it was available.

Though iPhone users are not at immediate risk following the leak, security experts have warned that hackers could develop ways to recreate the code and alter it for their own malicious purposes in the future. "It is not open-source". For so long, these codes have been well kept under wraps, as Apple has been very hesitant on sharing them openly with the public. iBoot, in particular, is a highly critical component. These days, modders are more likely to sell the exploit than release it for free to the jailbreak community.

YOU MIGHT ALSO LIKE
  • The Future of Windows Could Be Passwordless

    The Future of Windows Could Be Passwordless

    Microsoft says a lot of modern machines are capable of playing HDR but need to be calibrated in the factory to be able to do so. DDV lets users review the diagnostic data your device is sending to Microsoft, and now this data can also be deleted by users.
    U.S.  mulls how to shield Caribbean if Venezuelan oil is embargoed

    U.S. mulls how to shield Caribbean if Venezuelan oil is embargoed

    A ban on the sale of oil from Venezuela to the United States is something that needs to be considered, the U.S. The U.S. sends light crude oil to Venezuela, which has heavy crude.
    Bitcoin continues to tumble, briefly breaking below $6000

    Bitcoin continues to tumble, briefly breaking below $6000

    Citigroup, JPMorgan Chase, and Bank of America have all joined the ranks of the companies who have enacted a bitcoin ban. This has however not changed in February as today Bitcoin went down by 20% to trade below the $7,000 mark.
  • Major Active Mover of the day - Ford Motor Company (F)

    Major Active Mover of the day - Ford Motor Company (F)

    The firm owned 129,541 shares of the auto manufacturer's stock after purchasing an additional 17,650 shares during the quarter. Chief Executive Officer Sergio Marchionne has estimated about $1 billion a year in savings from the lower USA tax rate.
    New Strzok-Page texts: Obama wanted

    New Strzok-Page texts: Obama wanted "to know everything", but …

    Clinton used a private server and email accounts for official business during her tenure as secretary of state from 2009 to 2013. President Trump may not testify in the Russian Federation investigation according to sources close to his attorneys.
    36 in Global Syndicate Charged With $530 Million in Cybercrime Losses

    36 in Global Syndicate Charged With $530 Million in Cybercrime Losses

    Administrators also meted out punishments to members who broke rules and to members of rival criminal groups. After that, site co-founder Sergey Medvedev took over; Medvedev has since been apprehended.
  • Eastern Carolina school superintendent, family on derailed Amtrak train

    Eastern Carolina school superintendent, family on derailed Amtrak train

    As daylight broke, the crash scene revealed a tangle of crushed freight cars and part of the Amtrak train lying on its side. Lexington Medical Center said they had received 27 patients, all with minor injuries, and they are all being discharged.
    Reac: The New York Knicks have traded Hernangomez to the Hornets!

    Reac: The New York Knicks have traded Hernangomez to the Hornets!

    Instead of building on those numbers and finding a niche, the 23-year-old has seen a huge dip in playing time this season. He played in 72 games a season ago, getting a solid 18.4 minutes per contest and averaging 8.2 points and 7.0 rebounds .
    Markets stage smart recovery; Sensex bounces back over 300 points

    Markets stage smart recovery; Sensex bounces back over 300 points

    The index had lost 1,526 points in the previous five sessions after its remarkable over 2,200-point gain in January month. However, towards close, market recouped some losses led by value buying on account of earnings growth expectations.
  • Woman Who Won $560 Million in Powerball Sues to Keep Name Private

    Woman Who Won $560 Million in Powerball Sues to Keep Name Private

    In the past, other winners who wanted to remain anonymous would create trusts , and their trustees would claim the money for them. And the woman, recognized for the time being as Jane Doe , needs a court request to enable her to gather her rewards secretly.
    Ford Ranger Raptor Revealed Overseas

    Ford Ranger Raptor Revealed Overseas

    Will we see a Ranger Raptor in the United States? Ford Australia hasn't released pricing or the local release date. Contrasting Dyno Grey accents help to accentuate the vehicle's look even further.
    LeBron won't waive no-trade clause

    LeBron won't waive no-trade clause

    All they had to do was keep doing what they had been after the break, and they could escape with a win. For the Cavs, it was another hellish night in a season that's quickly turning into a massive disaster.
popular