Motherboard: Key iPhone source code gets posted online in ‘biggest leak in history’

Nope. Nope. Nope.

I hate headlines like this. Biggest leak in history? Come on.

Here’s where the reaction comes from:

Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.

The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.

This is true. It’s also true that Apple filed a copyright takedown and GitHub removed the post. But that’s a side note. Important, but a side note.

Buried down in the Motherboard article is this nugget:

This source code first surfaced last year, posted by a Reddit user called “apple_internals” on the Jailbreak subreddit.

This has been known about for some time. It’s iOS 9 source code and, while it’s likely true that some of that source code remains in iOS 11, Apple has known about this for long enough that they’ve certainly made any necessary changes to limit their exposure. I’d suggest that this GitHub publication had more value to the original poster and to Motherboard than to the anyone trying to hack the current version of iBoot.

And that said, I hope I’m right about this.



  • So long to the theory that public source code is more secure, that’s a damned if you do and damned if you don’t story

    • Katie

      <

      blockquote>Gℴogle is giving now $99 per/hr to complete some jobs from home .. Do work only for few time & enjoy greater time together with your circle of relatives … Anyone can catch this work!!!on Tuesday I purchased a brand new Chrysler after just getting $21683 this four weeks .it is truly the best work however you wo’nt forgive yourself if you do not go to this.!if513e:⇆⇆⇆ http://GoogleLinkWorkFromHomeOpportunities/earn/cash/$98/everyhour ♥o♥♥w♥♥z♥♥♥s♥♥j♥♥g♥♥w♥g♥x♥c♥i♥j♥♥k♥♥q♥u♥♥♥z♥♥w♥♥e♥♥♥s♥i♥♥d♥♥t♥d♥♥♥d♥♥♥h:::::!pf64u:wkyu

    • Cranky Observer

      One cannot assume that the mechanics of a security system will remain secret – over time every secret eventually leaks.