(it's already off github but you can expect to find it elsewhere.  --rick)

Apple Facing Security Nightmare as iOS 9 Source Code Leaks

The iBoot source code, which handles loading and verifying iOS, was uploaded to 
GitHub for all to see.

By Matthew Humphries
February 8, 2018 6:30AM EST

Apple is today facing up to a potential security nightmare due to source code 
from iOS 9 being uploaded to GitHub. The identity of the person who leaked the 
code is currently unknown.

iOS 9 is old you may think, as we're now up to iOS 11, but that doesn't mean 
parts of the code from iOS 9 aren't still in use. As Motherboard explains, the 
situation is made worse for Apple because the source code that did leak is for 

Apple uses iBoot to handle booting iOS when you first turn on your iPhone. It 
is the first process to run and it verifies iOS has been properly signed by 
Apple. In other words, it's the first security check performed by Apple, 
meaning the code will be of great interest to hackers who would like to 
jailbreak newer versions of the mobile operating system.

Jonathan Levin, author of a trilogy of books on macOS and iOS internals, 
describes the source code leak as "the biggest leak in history" and "a huge 
deal." He has checked the code and believes it is the real iBoot code iOS 9 
uses. It's also worth noting that Apple's bug bounty program pays out the most 
money ($200,000) for vulnerabilities discovered in the boot process. According 
to Levin, this leak means tethered jailbreaks could soon re-appear for iOS.

Apple will by now be well aware of the leak and the software team who handle 
iBoot development will be reviewing what exactly leaked, what if anything it 
could reveal in terms of security vulnerabilities, and how to best mitigate any 
future hacks with an update to iOS 11.

Apple needs to react quickly because this source code leak isn't exactly new. 
It was first posted last year on Reddit, but mostly went unnoticed. Now the 
code is available on GitHub many more will take notice of it, but some 
hackers/researchers may have been reviewing it for months already.
Infowarrior mailing list

Reply via email to