A skilled anonymous hacker leaked the source code for Apple's ultra-secret iBoot software on Wednesday, raising fears that almost any iPhone might be vulnerable to hackers.
The Source code for iBoot, which is the first app that runs when you turn on an iOS device, was posted by an anonymous user 'Zioshiba' on GitHub.
For example, iBoot runs when the iPhone transitions from a black screen to a white screen and then the iOS home screen.
The event captured the attention of several security experts, including one who told Motherboard that it was the 'biggest leak in [Apple's] history.'
An anonymous hacker posted source code for Apple's iBoot software, which is the first app that runs when you an iPhone turns on. Apple managed to keep it completely secret until now. Stock image
COULD YOUR IPHONE BE AFFECTED BY THE IBOOT LEAK?
An anonymous GitHub user posted Apple's ultra-secret iBoot source code on the internet on Wednesday.
One security researcher called it the 'biggest leak in [Apple's] history.'
However, Apple has since downplayed the leak, saying that the source code was for iBoot running on iOS 9.
Only 7% of users are still running devices with software older than iOS 10, which was released in 2016.
If you're using software that's older than iOS 9, which was released in 2015, you should update your device.
Security researchers are still cautioning that the outdated code could give hackers an inside look into how Apple's secret boot software works.
'It's a huge deal,' Jonathan Levin, who writes books about iOS system programming, said in an interview with Motherboard.
Levin was also able to confirm that the source code is authentic.
With iBoot out in the open, it could make it easier for hackers to spot vulnerabilities in the software.
It could also open up opportunities for savvy consumers to 'jailbreak' their iPhones, or free their device from constraints imposed by Apple.
When an iPhone has been jailbroken, users can run software that's not typically allowed or delete applications that come pre-loaded on the device, also known as 'bloatware.'
Apple recently began using Secure Enclave processors that ensure greater security and made jailbreaking almost obsolete.
Fortunately, many of the risks associated with the leak have been mitigated.
Apple has since responded and said that the leak concerns source code from iOS 9, which was released in 2015.
'Old source code from three years ago appears to have been leaked,' Apple told CNET.
'But by design the security of our products doesn't depend on the secrecy of our source code.'
'There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections,' the firm added.
Pictured, a screen shot of the iBoot soure code that was leaked by GitHub user 'Zioshiba.' The code was for iOS 9, however, which means that fewer iOS devices will be affected by the leak
Apple filed a copyright takedown request demanding that the source code be removed from GitHub's website, but the code has since appeared on other websites
Only 7% of iOS devices are using a version older than iOS 10, which was released in 2016, according to Apple's website.
If you're part of that 7%, security experts strongly advise that you update to a newer version of Apple's iOS software.
Although Apple says the leak isn't much to worry about, it still took steps to take the iBoot code off of the internet.
The firm filed a copyright takedown request on Thursday that demanded it be removed.
'The "iBoot" source code is proprietary and it includes Apple's copyright notice,' the request reads. 'It is not open-source.'
Only 7% of iPhone owners are still running software that's older than iOS 10, according to Apple. This means that a relatively small group of iPhone users would be affected by the leak
The code has since popped up on other sites, which could give hackers a peak into the inner workings of Apple's iBoot software.
However, security experts say it doesn't generate much risk for the average iPhone user.
'In terms of end users, this doesn't really mean anything positive or negative,' security researcher Will Strafach told TechCrunch.
Strafach echoed Apple's sentiment that the security of iOS devices doesn't depend on obscurity.
'This does not contain anything risky, just an easier to read format for the boot loader code'
'There is no way to really use any of the contents here maliciously or otherwise,' he added.
- Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History' - Motherboard
- Apple calls leaked iPhone source code outdated - CNET
- dmca/2018-02-07-Apple.md at master · github/dmca · GitHub
- Apple addresses iOS source code leak, says it appears to be tied to three-year-old software | TechCrunch
Published: 00:08 GMT, 9 February 2018 | Updated: 03:51 GMT, 9 February 2018