Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Apple Confirms iPhone Source Code Leak is Real, But Says its Security Doesn't Depend on Secrecy
Source code for iBoot, a core component of the iPhone's operating system leaked on GitHub yesterday, raising concerns that the hackers and security researchers could dig into the code to find iOS vulnerabilities.
In a statement issued to MacRumors this morning, Apple confirmed the authenticity of the code but emphasized that it's for iOS 9, a three-year-old operating system that's been replaced with iOS 11 and is in use on only a small number of devices.
In addition to acknowledging that the leak contained real source code, Apple this morning also sent a DMCA takedown notice to GitHub this morning, successfully getting the code removed from the site.
The data that was shared on GitHub was incomplete so the iBoot code was not able to be compiled, but it did include a documents directory that offered up additional information relevant to iBoot, and combined, the data leak could make it easier to locate vulnerabilities to create new jailbreaks.
Average users should not need to be concerned about the leak, however, as Apple has many layers of protection in place, like the Secure Enclave, and does not rely on source code secrecy alone as a way to keep its users safe.
Security researcher Will Strafach, who spoke to TechCrunch, echoed what Apple had to say. He believes the source code is compelling because it provides an inside look into the inner workings of the bootloader, but ultimately, "Apple does not use security through obscurity," so there is nothing risky in the code.
In a statement issued to MacRumors this morning, Apple confirmed the authenticity of the code but emphasized that it's for iOS 9, a three-year-old operating system that's been replaced with iOS 11 and is in use on only a small number of devices.
"Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections."Based on data from Apple's App Store support page for developers, iOS 11 is installed on 65 percent of devices, iOS 10 is installed on 28 percent of devices, and earlier versions of iOS, such as iOS 9, are installed on just seven percent of devices.
In addition to acknowledging that the leak contained real source code, Apple this morning also sent a DMCA takedown notice to GitHub this morning, successfully getting the code removed from the site.
The data that was shared on GitHub was incomplete so the iBoot code was not able to be compiled, but it did include a documents directory that offered up additional information relevant to iBoot, and combined, the data leak could make it easier to locate vulnerabilities to create new jailbreaks.
Average users should not need to be concerned about the leak, however, as Apple has many layers of protection in place, like the Secure Enclave, and does not rely on source code secrecy alone as a way to keep its users safe.
Security researcher Will Strafach, who spoke to TechCrunch, echoed what Apple had to say. He believes the source code is compelling because it provides an inside look into the inner workings of the bootloader, but ultimately, "Apple does not use security through obscurity," so there is nothing risky in the code.
[ 79 comments ]
Top Rated Comments
(View all)
17 months ago
"root" <enter> <enter>
jk jk
Glad they are actually being vocal instead of almost dead silent during the battery thing. That just lead to people coming to their own conclusions. It's quite a bit harder to change people's minds once they form their own opinion, even if it's dead wrong.
jk jk
Glad they are actually being vocal instead of almost dead silent during the battery thing. That just lead to people coming to their own conclusions. It's quite a bit harder to change people's minds once they form their own opinion, even if it's dead wrong.
17 months ago
How many of the "better post quick and say something sarcastic" posters actually read the article and saw it was for iOS 9?
17 months ago
It’s pretty funny that, ever since Tim Cook said Apple was doubling down, they’ve surely had twice as many fails.
And they’re like 200% bigger. Funny how that works.
17 months ago
Not so worried about the security implications, but it could mean that ios could be booted on a generic ARM device. Basically a "hackintosh" for ios.
17 months ago
Anyone could always just decompile the code. C doesn't decompile as easily/neatly as, say, java, but products like Hopper Decompiler exist if you want to convert from compiled code to C.
HA! Good luck with that. Give it a try and let us know how it works out. Hint: there's a reason someone hasn't just done that.
[doublepost=1518120690][/doublepost]
"we always encourage customers to update to the newest software releases to benefit from the latest protections"
...and for those of you with older devices that cannot run the newest software releases, we encourage you to throw your device into a landfill because the millisecond that we make a new iOS version, we stop putting security fixes into the previous version.
That's not true at all. Apple continues issuing security updates for older devices years after they're no longer on sale. Android has new devices on the market which don't even run the current version of Android. The same can't be said for their push to secure older devices like Apple.
17 months ago
Not so worried about the security implications, but it could mean that ios could be booted on a generic ARM device. Basically a "hackintosh" for ios.
Most likely not as the source code wasn't 100% complete and could not be compiled.
17 months ago
Windows source code has leaked in the past and not caused issues. Some are making this out to be a far larger deal than it really is. It's only a big issue if we assume (incorrectly) that nothing has changed within the OS since iOS 9 three years ago and that Apple has made no changes to security or other pieces since.
17 months ago
It’s pretty funny that, ever since Tim Cook said Apple was doubling down, they’ve surely had twice as many fails.
[ Read All Comments ]
Lutron, a new "Friends of Hue" partner, today announced the launch of the Aurora Smart Bulb Dimmer, a Hue accessory that's designed to be placed over a traditional toggle light switch to...
A couple of months ago, Boss Audio debuted its latest aftermarket CarPlay receiver, the BVCP9685A, offering a relatively low-cost way to add wired CarPlay (and Android Auto) to your existing...
For this week's giveaway, we've teamed up with Astropad to give MacRumors readers a chance to win a Luna Display adapter, a useful dongle that turns your iPad into a second screen for your...
Microsoft today announced "Minecraft Earth," a new game coming to iOS and Android in beta this summer that uses augmented reality to place virtual Minecraft blocks and characters into the...
Twitter today updated its TweetDeck for Mac app to introduce a new compose window with a refreshed look and new capabilities.
The updated window features a cleaner design with either a dark...
Apple Pay will likely launch in the Netherlands in the very near future, as the service has now been elevated to "beta" status internally at Apple ahead of its much-anticipated rollout in the...
B&H Photo is discounting the latest 12-inch MacBook in a variety of configurations and color options, with prices starting at $899 for the 256GB model. However, the highlight of the sale is...
DTS today announced availability of AirPlay 2 in select DTS Play-Fi products, including the McIntosh RS200 wireless loudspeaker system and the Arcam rPlay music streamer, with support for additional...
