advertisement
advertisement

Apple downplays security risk of major iOS code leak

Apple downplays security risk of major iOS code leak
[Photo: Flickr user Kārlis Dambrāns]

An anonymous hacker published the source code of iBoot, a key part of iOS that determines if the operating system being started on a phone is trusted. It’s the first thing that runs when you turn on your iPhone. The hacker posted the code on GitHub Wednesday.

Apple quickly issued a DMCA demand to GitHub to remove the content, which GitHub did. Apple, unlike Android, is not open source, but rather is avidly guarded by Apple for security reasons. Apple says the code that was posted was three years old, and people who install the latest versions of iOS should be safe. The company had this statement for AppleInsider: 

“. . . by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

Still, the code is thought to be legit, and parts of the code may still be used in the iBoot in iOS 11. Coding expert Jonathan Levin told Motherboard: “This is the biggest leak in history . . . It’s a huge deal.” Even if iOS is impervious to any mischief hackers may get up to using the leaked code, one can’t help wonder if and when another more serious leak might occur.

advertisement
advertisement