Apple Confirms iPhone Source Code Leak is Real, But Says its Security Doesn't Depend on Secrecy

by

Source code for iBoot, a core component of the iPhone's operating system leaked on GitHub yesterday, raising concerns that the hackers and security researchers could dig into the code to find iOS vulnerabilities.

iphone se ipad deals
In a statement issued to MacRumors this morning, Apple confirmed the authenticity of the code but emphasized that it's for iOS 9, a three-year-old operating system that's been replaced with iOS 11 and is in use on only a small number of devices.

"Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections."

Based on data from Apple's App Store support page for developers, iOS 11 is installed on 65 percent of devices, iOS 10 is installed on 28 percent of devices, and earlier versions of iOS, such as iOS 9, are installed on just seven percent of devices.

In addition to acknowledging that the leak contained real source code, Apple this morning also sent a DMCA takedown notice to GitHub this morning, successfully getting the code removed from the site.

The data that was shared on GitHub was incomplete so the iBoot code was not able to be compiled, but it did include a documents directory that offered up additional information relevant to iBoot, and combined, the data leak could make it easier to locate vulnerabilities to create new jailbreaks.

Average users should not need to be concerned about the leak, however, as Apple has many layers of protection in place, like the Secure Enclave, and does not rely on source code secrecy alone as a way to keep its users safe.

Security researcher Will Strafach, who spoke to TechCrunch, echoed what Apple had to say. He believes the source code is compelling because it provides an inside look into the inner workings of the bootloader, but ultimately, "Apple does not use security through obscurity," so there is nothing risky in the code.

Top Rated Comments

Norbs12 Avatar
Norbs12
81 months ago
"root" <enter> <enter>

jk jk

Glad they are actually being vocal instead of almost dead silent during the battery thing. That just lead to people coming to their own conclusions. It's quite a bit harder to change people's minds once they form their own opinion, even if it's dead wrong.
Score: 15 Votes (Like | Disagree)
scrapesleon Avatar
scrapesleon
81 months ago
this transparency thing getting out of hand
Score: 8 Votes (Like | Disagree)
keysofanxiety Avatar
keysofanxiety
81 months ago
How many of the "better post quick and say something sarcastic" posters actually read the article and saw it was for iOS 9?
Score: 8 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
OldSchoolMacGuy
81 months ago
Anyone could always just decompile the code. C doesn't decompile as easily/neatly as, say, java, but products like Hopper Decompiler exist if you want to convert from compiled code to C.
HA! Good luck with that. Give it a try and let us know how it works out. Hint: there's a reason someone hasn't just done that.
[doublepost=1518120690][/doublepost]
"we always encourage customers to update to the newest software releases to benefit from the latest protections"

...and for those of you with older devices that cannot run the newest software releases, we encourage you to throw your device into a landfill because the millisecond that we make a new iOS version, we stop putting security fixes into the previous version.
That's not true at all. Apple continues issuing security updates for older devices years after they're no longer on sale. Android has new devices on the market which don't even run the current version of Android. The same can't be said for their push to secure older devices like Apple.
Score: 7 Votes (Like | Disagree)
Rshill Avatar
Rshill
81 months ago
Not so worried about the security implications, but it could mean that ios could be booted on a generic ARM device. Basically a "hackintosh" for ios.
Score: 7 Votes (Like | Disagree)
AJ5790 Avatar
AJ5790
81 months ago
It’s pretty funny that, ever since Tim Cook said Apple was doubling down, they’ve surely had twice as many fails.
And they’re like 200% bigger. Funny how that works.
Score: 7 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article277 comments
Apple Silicon AI Optimized Feature Siri

Apple Releases Open Source AI Models That Run On-Device

Wednesday April 24, 2024 3:39 pm PDT by
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Read Full Article84 comments
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Read Full Article416 comments
iOS 18 Siri Integrated Feature

iOS 18 Rumored to Add These 10 New Features to Your iPhone

Wednesday April 24, 2024 2:05 pm PDT by
Apple is set to unveil iOS 18 during its WWDC keynote on June 10, so the software update is a little over six weeks away from being announced. Below, we recap rumored features and changes planned for the iPhone with iOS 18. iOS 18 will reportedly be the "biggest" update in the iPhone's history, with new ChatGPT-inspired generative AI features, a more customizable Home Screen, and much more....
Read Full Article
iPad And Calculator App Feature 1

Apple Finally Plans to Release a Calculator App for iPad Later This Year

Tuesday April 23, 2024 9:08 am PDT by
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Read Full Article222 comments