On Wednesday, someone posted what experts recognized to be source code for “iBoot,” a main component of the iPhone’s operating system, on the software development platform GitHub.
Apple sent GitHub a DMCA (Digital Millennium Copyright Act) takedown request, confirming the code is currently in circulation — potentially opening the door for hackers to find vulnerabilities in iOS.
To put you at ease, it’s still a big “potentially.”
Apple isn’t sweating
iBoot code is essentially the first line of defense when booting up an iPhone. According to Ars Technica, if someone found a vulnerability in the iBoot code, they could “theoretically” break the security check and upload malware or emulate iOS on other devices.
Which, to the layman, seems like a big deal — but Apple says the source code that was leaked is outdated, meaning newer versions wouldn’t be affected.
It could also be used for good
Jonathan Levin, the author of a series of books on iOS and Mac OS X internals, called the leak “huge,” speculating the code is currently making the rounds in the underground iOS jailbreaking community.
Apple has run a bug bounty program in the past, offering researchers up to $200k to expose vulnerabilities in the boot process — meaning this leak could be another opportunity to strengthen security, depending on who gets their hands on it.