New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

iOS 10 Beta Features Unencrypted Kernel Making it Easier to Discover Vulnerabilities

Apple's iOS 10 preview, seeded to developers last week, does not feature an encrypted kernel and thus gives users access to the inner workings of the operating system and potential security flaws, reports MIT Technology Review. It is not known if this was an unintentional mistake or done deliberately to encourage more bug reports.

ios10
Security experts say the famously secretive company may have adopted a bold new strategy intended to encourage more people to report bugs in its software--or perhaps made an embarrassing mistake.
In past versions of iOS, Apple has encrypted the kernel, aka the core of the operating system, which dictates how software uses the iPhone's hardware and keeps it secure. According to experts who spoke to the MIT Technology Review, leaving iOS unencrypted doesn't leave the security of iOS 10 compromised, but it makes it easier to find flaws in the operating system. Security flaws in iOS can be used to create jailbreaks or create malware.
The goodies exposed publicly for the first time include a security measure designed to protect the kernel from being modified, says security researcher Mathew Solnik. "Now that it is public, people will be able to study it [and] potentially find ways around it," he says.
Apple has declined to comment on whether the lack of encryption was intentional or a mistake, but security expert Jonathan Zdziarski believes it was done by choice because it's not a mistake Apple is likely to have made. "This would have been an incredibly glaring oversight, like forgetting to put doors on an elevator," he told MIT Technology Review.

He further suggests Apple may have chosen this route to prevent the hoarding of vulnerabilities like the one that was ultimately used by the FBI to break into the iPhone 5c of San Bernardino shooter Syed Farook and to have more people looking at the code to discover latent security flaws.



Top Rated Comments

(View all)

42 months ago
A part of me believes that Apple wants at-least 1 jailbreak per iOS release. Where would they get ideas for future iOS versions from if it weren't for the jailbreak community?
Rating: 21 Votes
42 months ago
If the next beta has it encrypted, it was a mistake. If it's open, it was on purpose.
Rating: 14 Votes
42 months ago
Something as big as this wouldn't have been a mistake or oversight.
Rating: 12 Votes
42 months ago

expert Jonathan Zdziarski believes it was done by choice because it's not a mistake Apple is likely to have made

I'm voting for a mistake.
Rating: 9 Votes
42 months ago
Do people still jailbreak these days? If so, what specifically for?

I personally no longer found a need to jailbreak after around iOS 7 or 8, so I'm just wondering what people still deem as missing.
Rating: 6 Votes
42 months ago

What the last two posts said above. Someone just got fired. This is huge.

There are going to be emergency meetings for months, maybe years. I wouldn't be surprised if TC is ultimately canned over this by the board after all the chips fall.


Let's pretend this was an engineering mistake, why on earth would Time Cook get fired over it? I don't think Tim Cook even knows how the iOS build process works, let alone be responsible for a mistake in it.
Rating: 6 Votes
42 months ago
Hopefully this means a quicker jailbrake. (That at this point is sort of unnecessary)
Rating: 6 Votes
42 months ago

would this essentially make iOS open source?

No. The source wasn't released.
Rating: 5 Votes
42 months ago

If the next beta has it encrypted, it was a mistake. If it's open, it was on purpose.


Thanks captain obvious
[doublepost=1466598796][/doublepost]

Again: It's NOT a security hole. As already said, if you have no clue about a matter, please stop spreading false statements, probably because of bad Hollywood movies, about it.

This thread is ridiculous.


Agreed, 4 pages of people that have no clue pretending they do. MacRumors for you I guess
Rating: 5 Votes
42 months ago
"Security experts say it was a bold move - or it was a mistake! We don't know!"
Rating: 5 Votes

[ Read All Comments ]