The source code to Apple’s iBoot firmware, used in iPhones, iPads and iOS devices in general, has leaked onto the public GitHub site. No one (for now) appears to know how the confidential closed-source code got there, but according to The Register, it has “been quietly doing the rounds between security researchers and device jailbreakers on Reddit for four or so months”. Within the last few days, someone dropped a copy of the proprietary code onto developer hangout GitHub, making it available for anyone to see. Specifically, the code is from iOS 9’s iBoot, which was first released in 2015, although some of the leaked files had 2016 on them. It’s unclear how much of the old source code has carried over to iOS 11.
Following a DMCA complaint by Apple, the source was quickly taken down, which suggests that it is real as no one else would have the authority to have it removed from the site. However, at least one software blueprint clone has already reemerged. Downloading it is not recommended. Every file is marked “this document is the property of Apple Inc.” and “It is considered confidential and proprietary. This document may not be reproduced or transmitted in any form, in whole or in part, without the express written permission of Apple Inc.”
The blueprints include low-level system code written in 32- and 64-bit Arm assembly, operating system utilities, build tools and drivers.
iBoot is a second-stage bootloader, which provides iOS’s Recovery Mode to fix kit that gets damaged. It is stored in an encrypted form on devices, and is essential to the integrity of the operating system. It verifies that a genuine build of iOS is present and starts up the software when the Apple device is powered on or rebooted. It can also be used to jailbreak iOS devices.
The released source doesn’t put users directly at risk; however, it makes it easier for hackers to identify exploitable vulnerabilities, and leverage them to take over iBoot and jailbreak Apple devices.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” Apple told AppleInsider. “There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
Users who regularly update their devices with the latest iOS versions should be well protected against any bugs. According to Apple’s own metrics, 93 per cent of users are running iOS 10 or above.
Given the possible damage a successful hack could cause, Apple gives out a $200,000 bounty for the discovery of holes in iBoot. Hackers could well produce new jailbreaks, something Apple will want to prevent for security reasons and to keep people coming to the App Store.