Earlier this week, iOS source code showed up on GitHub, raising concerns that hackers could find a way to comb the material for vulnerabilities. Apple has confirmed with TechCrunch that the code appears to be real, but adds that it’s tied to old software.
The material is gone now, politenes of a DMCA notice Apple sent to GitHub, but the occurrence was surely notable, given the tight grip the company traditionally has on such material. So, if the code was, indeed, what it purported to be, has the damage already been done?
Motherboard, which was among the first to note the code labeled “iBoot, ” reached out to author Jonathan Levin, who confirmed that the code surely appears real and called it “a huge deal.” While the available code appears to be fairly small, it could certainly offer some unique insight into how Apple runs its magic.
Much of the security concern is mitigated by the fact that it appears to be tied to iOS 9, a version of the operating system released three-and-a-half years ago. Apple’s almost certainly tweaked significant portions of the available code since then, and the company’s own numbers show that a large majority of users( 93 -percent) are running iOS 10 or afterwards. But could the commonalities offer enough insight to pose a serious potential threat to iPhone users?
Security researcher Will Strafach told TechCrunch that the code is compelling for the information it gives hackers into the inner workings of the boot loader. He added that Apple’s likely not thrilled with the leak due to intellectual property fears( consider: the DMCA request referenced above ), but this information ultimately won’t have much if any impact on iPhone owners.
“In terms of end users, this doesn’t really mean anything positive or negative, ” Strafach said in an email. “Apple does not use security through obscurity, so this does not contain anything risky, simply an easier to read format for the boot loader code. It’s all cryptographically signed on end user devices, there is no way to actually use any of the contents here maliciously or otherwise.”
In other terms, Apple’s multi-layered approach to keeping iOS secure involves a lot more precautions than what you’d see in a leak like this, however it may have constructed its route to GitHub. Of course, as Strafach correctly points out, the company’s still likely not thrilled about the optics around having had this information in the wild — if only for a short while.
Make sure to visit: CapGeneration.com