iBoot source code for iOS 9 shows up online in ‘biggest leak in history’
Last summer, when we still expected the iPhone X to be named iPhone 8, and an unauthorized HomePod firmware release revealed an unprecedented amount of official information on something Apple wanted to keep a secret until September, people called that the biggest leak in the company’s history.
But according to security experts, what cropped up on GitHub earlier this week was in fact potentially more damaging to the very nature of iOS. Now, the operating system hasn’t exactly been at its best in terms of stability recently, but what Apple might be dealing with here is not just an easily fixable bug or two.
iBoot source code appears to have leaked for iOS 9, and although a copyright takedown request has been granted and the code pulled from GitHub, there’s no way to know how many copies are now floating freely online and on potentially malicious computers.
The fact Apple quickly filed said DMCA takedown petition proves the code was legit, which several security researchers suggested after examining it for clues. iBoot is an integral part of iOS that basically works like an iPhone’s BIOS, loading, verifying and executing the kernel if properly signed by Apple. If not, your iDevice will not start. Hence, the dangers of someone messing with it.
Fortunately, there were missing files that meant you couldn’t compile the source code even if you managed to save it before it vanished from GitHub. Unfortunately, the door is still more open than ever for various vulnerabilities the leaked code might reveal. And yes, iOS 11 could be connected to version 9 in such a way that flaws discovered on the latter may also be executed on the former.