Apple orders immediate removal as source code for iBoot, a vital iOS program, gets posted online on GitHub
Apple is in the middle of a serious security scare after the source code for iBoot was anonymously posted on GitHub.
The development is extremely serious, as iBoot is a critical component of the iPad and iPhone’s operating system. Hackers and security researchers could use it to find vulnerabilities in the iOS operating system or make jailbreaking iOS devices easier.
It has led Apple to quickly file a copyright takedown request with GitHub in an effort to force the company to remove the code.
The discovery of the iBoot source code on GitHub was first noticed by security website Motherboard.
It said that the iBoot source code is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In summary, it is the program that loads iOS, and is the first program that runs when an iOS device is booted up.
It loads and verifies the kernel is properly signed by Apple and then executes it. Essentially, it is like the BIOS code found in PCs.
According to Motherboard, the iBoot source code says it is for iOS 9, but portions of it are highly likely to be still in use in iOS 11.
It is reported that Apple has in the past been reluctant to release source code to the public, although it has made certain parts of iOS and MacOS open source in recent years. That said, iBoot is highly sensitive code, and Apple apparently pays up to $200,000 under its bug bounty program to anyone who discovers bugs in the boot up procedure.
“This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told Motherboard in an online chat. “It’s a huge deal.”
Levin said the code appears to be the real iBoot code because it aligns with code he reverse engineered himself. A second security researcher also said they believe the code is real.
It is not known who has leaked the source code, but there is sure to be investigation at Apple HQ.
And in a sign of serious the matter is, within hours of the leak being discovered, Apple filed a legal notice demanding that GitHub remove the source code.
“The ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source,” said the legal document.
At the time of writing on late Friday morning, it seems that GitHub has taken down the offending web pages.
In late November for example, a root flaw came to light that anyone running an Apple Mac with version 10.13. and 10.13.1 of its latest operating system (i.e High Sierra), could be exposed to a serious flaw with admin privileges.
Essentially, the flaw could have allowed admin access to Apple Macs by using the username ‘root’ and no password, which bypasses (in some cases remotely) local security settings.
Apple compounded the problem when it rushed out a patch within 18 hours of the flaw being reported. But it was found that the fix did not actually fix the problem, as the bug returns if Mac owners upgrade to the latest version of High Sierra after they have applied the patch.
And last October a flaw was discovered that could have allowed anyone to gain access to encrypted hard disk volumes on Mac OS. That issue meant that when a user requested a password hint for certain encrypted volumes the operating system instead displayed the entire password.
Do you know all about security in 2017? Try our quiz!