Critical iPhone Boot Code Allegedly Published On Github

Adjust Comment Print

Apple indirectly confirmed that the source code posted on GitHub was legit after it issued a DMCA takedown under penalty of perjury on Wednesday. Bugs targeting the boot process can get hackers up to $200,000 from Apple's bug bounty program, and possibly much more from zero-day aggregators. The code that found its way to GitHub is responsible for ensuring that a trusted boot of the operating system is performed.

The code itself pertains to the company's iconic smartphone's "iBoot" system which is launched when a user presses the power button on their devices.

It loads, verifies that the kernel - the "heart" of the operating system's code - is actually signed by Apple, and then executes the code and takes you to the lock screen. Modern version of Apple's operating system came with new security features to stop the breaches. While the code is connected to an older version of iOS, bits and pieces of it are likely still in use in today's version of the software. Apple watchers fear the unauthorized posting on GitHub could turn out as the biggest leak episode in the company's history. However, security researcher Jonathan Levin confirms the code is the real deal as it matches some iBoot code he himself has reverse engineered.

Still, it's worth noting that this leaked source code was reportedly specific to iOS 9. The jailbreaks used to be easier to implement on iPhones and were much more common years ago, however the process has gotten more hard through more advanced iOS devices. The leak involves proprietary information that Apple works hard to keep secret. Unfortunately, the door is still more open than ever for various vulnerabilities the leaked code might reveal.

Israel sinks more West Bank roots
Israeli forces had been hunting the final member of the cell that killed Rabbi Shevach in a drive-by shooting on January 9. The Palestinians want all the settlements, built on land they claim for a future state, removed.

IBoot is created to guarantee that a valid, trusted version of iOS is being loaded, and unlike other portions of iOS that have been open-sourced, it's been kept opaque for security reasons.

Shortly after that article was posted, the publication updated its report to say that Apple had sent GitHub a Digital Millennium Copyright Act (DMCA) takedown notice demanding removal of the source code link.

It is very likely that the code may have been spotted and was circulating in the jailbreaking and hacking community.

Comments