How Harmful Is the iOS 9 Source Code Leak?

Source code was leaked online this week for the bootloader that helps launch Apple's iOS operating system on mobile devices. While the bootloader link on the code repository GitHub was quickly taken down following a copyright request from Apple, copies are continuing to float around the Internet, several sources reported.

The same code was posted four months ago on Reddit, although that link has also been taken down. The leak involves proprietary information that Apple works hard to keep secret. The source code appears to be for the iOS 9 version of iBoot, a stage 2 bootloader that verifies a device's iOS kernel and enables operation in Recovery Mode.

Some developers and other experts called the leak 'unprecedented,' and warned that the code could be used to jailbreak or hack iOS devices. However, others pointed to past, more serious leaks, such as that for Windows NT/2000, and noted that iOS researchers have already likely reverse-engineered considerable portions of Apple's code.

Source Code Appears 'Legit'

"Apple has traditionally been very reluctant to release code to the public, though it has made certain parts of iOS and MacOS open source in recent years," Motherboard noted Wednesday evening in an early report about the leak. "But it has taken particular care to keep iBoot secure and its code private; bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000."

Shortly after that article was posted, the publication updated its report to say that Apple had sent GitHub a Digital Millennium Copyright Act (DMCA) takedown notice demanding removal of the source code link. By doing so, it added, Apple "indirectly confirmed that the code was real."

Security researcher Karl Koscher noted on Twitter early this morning that, to...

Comments are closed.