IBoot source code for iPhone leaked online

IBoot source code for iPhone leaked online

IBoot source code for iPhone leaked online

But it gives visibility into what the code does so anyone looking to reverse engineer iOS and write exploits can use this to make their job much easier. The company launched its bug bounty program in 2016, and flaws in secure boot firmware components were valued at up to $200,000.

According to Motherboard, the section found on the code-sharing platform governs iOS" "iBoot' function, which controls the operating system's trusted boot functionality and is a core part of how iOS remains so secure. It is, however, the first app that runs when you turn on an iOS device, silently transitioning from a black screen to the white Apple icon to iOS's colorful Home screen.

iBoot is described as the BIOS of the iPhone and is responsible for loading and verifying that the kernel is signed by Apple and then executes that kernel. On the other hand, researchers may also choose to poke about in the iBoot code, potentially disclosing any vulnerabilities they find to Apple.

Although this recent posting on GitHub is the most widely publicized leak of the documents, this actually isn't the first time the iPhone source code has made an appearance. Jonathan Levin, who writes books about iOS and macOS system programming, told Motherboardthat considering how careful Apple is to safeguard against leaks, he believes "this is the biggest leak in [its] history". "It's a huge deal". Another security researcher says the code is real. In a statement from Apple spokesperson, Apple confirmed the authenticity of the code but emphasized that it's for iOS 9, a three-year-old operating system that's been replaced with iOS 11 and is in use on only a small number of devices.

Apple is famous for keeping its code secret, but this leak might result in some headaches for the Cupertino tech giant.

The uploaded code has since been taken down, reportedly at Apple's request.

Interestingly, the same source code was also published on Reddit four months earlier by a user named apple_internals. "And now it's wide open in source code form", Levin continued. The release of legitimate source code can greatly increase the chances of a payday for intrepid security researchers.

Related news