Apple’s iOS source code was leaked and posted online, which could cause a security issue and make devices running on iOS vulnerable to a potential security threat. The source code for iOS 9 labeled iBoot was shared on Github, according to Motherboard, which first reported the issue. Apple has since had the code taken down from Github after it filed a copyright request. With Apple, the iOS code is proprietary and not open-source.
According to the Motherboard report, the iBoot code is what ensures a “trusted boot of the operating system,” and loads iOS when a user turns on the iPhone. iBoot has to check if the kernel has been verified, signed by Apple and then the code is executed. However, Apple has said the iOS source code posted is outdated and any vulnerabilities will be outdated. According to the company, any vulnerabilities in the leaked code are likely already fixed by the company.
In a statement to CNET, Apple said, “Old source code from three years ago appears to have been leaked. By design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products…” Apple says they have always asked customers to update to the latest software to ensure protection against any vulnerabilities, security flaws.
iBoot is a crucial part of the iPhone and iPad’s security, making sure that the software has been authorised by Apple. iOS users will note that whenever an update is installed, it first gets verified for the signature from Apple, and then the package is installed on their iPhone or iPad. According to CNET, Apple offers $200,000 to anyone who can find problems with iBoot’s code as part of their bug bounty program as it is such a crucial part of their system.