Apple continues to guard its ecosystem aggressively there are occasionally some leaks that lead to security problems for the company. They posted the code that is used to boot up iOS over on GitHub last night. This code belongs to an older version of iOS; it is believed that the iOS version is 9.
Apple’s top-secret iBoot firmware source code spills onto GitHub
The iBoot, the code is kept private similarly to other code developed by Apple. Security experts suggest that iBoot is the core of Apple’s iOS which could be used by hackers to find vulnerabilities in iOS.
Bugs targeting boot process can get hackers up to $200,000 from Apple’s bug bounty program, and possibly much more from zero-day aggregators. The report from Motherboard suggests that the code was available for everyone until Apple filed a copyright takedown request with GitHub and forced to remove the code.
However, one clone of the code is already remerged on GitHub meaning there will be dozens of a copy of Apple’s iBoot source code on the internet by the time.
iBoot is second-stage bootloader which provides iOS recovery Mode. It runs on-screen and over a physical USB or series interface. iOS experts also said that is responsible for ensuring a trusted boot of iOS.
While some may question the authenticity of this piece of code, several researchers have confirmed that it aligns with the reverse engineered code.
Apple is famous for keeping its code secret, but this leak might result in some headaches for the Cupertino, tech giant. “This is the biggest leak in history,” Jonathan Levin, who wrote some books on iOS and macOS told the publication.
“It’s a huge deal.”
Apple said iBoot source code is proprietary and not open-source. The code includes Apple’s copyright notice – which was visible when it was uploaded to GitHub. However, GitHub wasn’t the only site where it appeared. The iBoot source code first appeared on Reddit last year but didn’t get much attention.
It is very likely that the code may have been spotted and was circulating in the jailbreaking and hacking community all this time. However, after today’s attention, we might get to hear about some jailbreaking possibilities.