Source code for Apple’s iBoot has been posted on GitHub, potentially exposing Cupertino’s locked-down mobile software to hackers.
iBoot is the iOS code that ensures a secure boot by checking that the kernel is officially signed by Apple before loading and running the OS.
Access to the source code gives security researchers a way to discover flaws in it and report any vulnerabilities that could be open to hackers.
Jonathan Levin, author of many books on the subject, told Motherboard this ‘is one of the biggest leaks in history’.
Having access to the source code of iBoot gives iOS security researchers a better chance to find vulnerabilities that could lead to compromising or jailbreaking the device, Levin said. That means hackers could have an easier time finding flaws and bugs that could allow them to crack or decrypt an iPhone. And, perhaps, this leak could eventually allow advanced programmers to emulate iOS on non-Apple platforms.
Vulnerabilities in previous versions of iBoot allowed jailbreakers and hackers to brute-force their way through the iPhone’s lock screen and decrypt a user’s data. But newer iPhones have a chip called the Secure Enclave Processor, which has hardened the security of the device.
Apple has traditionally been very reluctant to release code to the public, though it has made certain parts of iOS and macOS open source in recent years. But it has taken particular care to keep iBoot secure and its code private; bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a maximum payment of $200,000.
Thanks to the Secure Enclave Processor chip in modern iPhones, jailbreaking iOS has become increasingly tricky work.
Apple has yet to respond to the leak.
This source code first appeared last year on the Jailbreak subreddit.