Apple Confirms iPhone Source Code Leak is Real, But Says its Security Doesn't Depend on Secrecy

Source code for iBoot, a core component of the iPhone's operating system leaked on GitHub yesterday, raising concerns that the hackers and security researchers could dig into the code to find iOS vulnerabilities.

iphone se ipad deals
In a statement issued to MacRumors this morning, Apple confirmed the authenticity of the code but emphasized that it's for iOS 9, a three-year-old operating system that's been replaced with iOS 11 and is in use on only a small number of devices.

"Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections."

Based on data from Apple's App Store support page for developers, iOS 11 is installed on 65 percent of devices, iOS 10 is installed on 28 percent of devices, and earlier versions of iOS, such as iOS 9, are installed on just seven percent of devices.

In addition to acknowledging that the leak contained real source code, Apple this morning also sent a DMCA takedown notice to GitHub this morning, successfully getting the code removed from the site.

The data that was shared on GitHub was incomplete so the iBoot code was not able to be compiled, but it did include a documents directory that offered up additional information relevant to iBoot, and combined, the data leak could make it easier to locate vulnerabilities to create new jailbreaks.

Average users should not need to be concerned about the leak, however, as Apple has many layers of protection in place, like the Secure Enclave, and does not rely on source code secrecy alone as a way to keep its users safe.

Security researcher Will Strafach, who spoke to TechCrunch, echoed what Apple had to say. He believes the source code is compelling because it provides an inside look into the inner workings of the bootloader, but ultimately, "Apple does not use security through obscurity," so there is nothing risky in the code.

Popular Stories

iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
maxresdefault

Apple's AirPods Pro 2 vs. Samsung's Galaxy Buds3 Pro

Saturday July 13, 2024 8:00 am PDT by
Samsung this week introduced its latest earbuds, the Galaxy Buds3 Pro, which look quite a bit like Apple's AirPods Pro 2. Given the similarities, we thought we'd compare Samsung's new earbuds to the AirPods Pro. Subscribe to the MacRumors YouTube channel for more videos. Design wise, you could potentially mistake Samsung's Galaxy Buds3 Pro for the AirPods Pro. The Buds3 Pro have the same...
iPhone 15 Pro Cameras

iPhone 17 Pro Max Will Be First Model to Feature Three 48MP Cameras

Thursday July 11, 2024 12:20 am PDT by
Next year's iPhone 17 Pro Max will feature an upgraded 48-megapixel Tetraprism camera for enhanced photo quality and zoom functionality, according to Apple analyst Ming-Chi Kuo. In his n-iphone-tetraprism-upgrade-ca62dd37e364">latest investor note published to Medium, Kuo said the key specification change would be a 1/2.6" 48MP CIS sensor, up from the 1/3.1" 12MP sensor expected to be used...
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

10 Reasons to Wait for Next Year's iPhone 17

Monday July 8, 2024 5:00 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different – already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
primeday2020 feature3

The Best Early Prime Day Deals on Apple Products

Saturday July 13, 2024 6:23 am PDT by
Amazon is soon to be back with its annual summertime Prime Day event, lasting for just two days from July 16-17. As it does every year, Prime Day offers shoppers a huge selection of deals across Amazon's storefront, and there are already many deals you can get on sale ahead of the event. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may...

Top Rated Comments

Norbs12 Avatar
84 months ago
"root" <enter> <enter>

jk jk

Glad they are actually being vocal instead of almost dead silent during the battery thing. That just lead to people coming to their own conclusions. It's quite a bit harder to change people's minds once they form their own opinion, even if it's dead wrong.
Score: 15 Votes (Like | Disagree)
scrapesleon Avatar
84 months ago
this transparency thing getting out of hand
Score: 8 Votes (Like | Disagree)
keysofanxiety Avatar
84 months ago
How many of the "better post quick and say something sarcastic" posters actually read the article and saw it was for iOS 9?
Score: 8 Votes (Like | Disagree)
OldSchoolMacGuy Avatar
84 months ago
Anyone could always just decompile the code. C doesn't decompile as easily/neatly as, say, java, but products like Hopper Decompiler exist if you want to convert from compiled code to C.
HA! Good luck with that. Give it a try and let us know how it works out. Hint: there's a reason someone hasn't just done that.
[doublepost=1518120690][/doublepost]
"we always encourage customers to update to the newest software releases to benefit from the latest protections"

...and for those of you with older devices that cannot run the newest software releases, we encourage you to throw your device into a landfill because the millisecond that we make a new iOS version, we stop putting security fixes into the previous version.
That's not true at all. Apple continues issuing security updates for older devices years after they're no longer on sale. Android has new devices on the market which don't even run the current version of Android. The same can't be said for their push to secure older devices like Apple.
Score: 7 Votes (Like | Disagree)
Rshill Avatar
84 months ago
Not so worried about the security implications, but it could mean that ios could be booted on a generic ARM device. Basically a "hackintosh" for ios.
Score: 7 Votes (Like | Disagree)
AJ5790 Avatar
84 months ago
It’s pretty funny that, ever since Tim Cook said Apple was doubling down, they’ve surely had twice as many fails.
And they’re like 200% bigger. Funny how that works.
Score: 7 Votes (Like | Disagree)