Apple ordered GitHub to remove iOS source code leak

Apple ordered GitHub to remove iOS source code leak

Part of the iOS boot code, called iBoot, was posted on GitHub yesterday for anyone to view-and without Apple's permission.

It could provide hackers with a treasure trove of information they could use to design new attacks against Apple's operating system iOS. It's the first process that runs when the devices are switched on. The code is known as "iBoot", and as you would imagine, Apple has been wrangling with DMCA takedown notices since. For instance on its site, Apple clearly states that an iBoot system disclosure could be worth as much as $200,000 since it is such an integral part of the iPhone's source code. Jonathan Levin, who writes books about iOS and macOS system programming, told Motherboardthat considering how careful Apple is to safeguard against leaks, he believes "this is the biggest leak in [its] history". "It's a huge deal".

The new iOS leak isn't even that new, The Register noted today, as it's been "quietly doing the rounds between security researchers and device jailbreakers on Reddit for four or so months, if not longer".

Apple is saying nothing about the leak, but the DMCA notice all but confirms that the leak is of legitimate code. On the other hand, researchers may also choose to poke about in the iBoot code, potentially disclosing any vulnerabilities they find to Apple.

While some may question the authenticity of this piece of code, several searchers have confirmed that it aligns with the reverse engineered code. However, security researchers suspect that much of the code is still active in iOS 10.

Apple has since requested GitHub take down the code under a copyright claim, but it's likely that the code has been stored and shared widely online in the hours it was available. Motherboard speculates that the leak could also enable programmers to emulate iOS on non-Apple platforms.

We reached out to the person who, under the username of ZioShiba, posted the source code to GitHub in the first place in an effort to determine his or her motives, but have not received a response as of press time. Unfortunately, the door is still more open than ever for various vulnerabilities the leaked code might reveal. These days, modders are more likely to sell the exploit than release it for free to the jailbreak community.