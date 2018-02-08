“Critical, top secret Apple code for the iPhone’s operating system was posted on Github, opening a new, dangerous avenue for hackers and jailbreakers to access the device, Motherboard reported,” Steve Dent reports for Engadget. “The code, known as ‘”iBoot,’ has since been pulled, but Apple may have confirmed it was the real deal when it issued a DMCA takedown to Github, as Twitter user @supersat noted [see below].”

“iBoot is the iOS code that ensures a secure boot by loading and checking that kernel is properly signed by Apple before running the OS,” Dent reports. “The version that was posted to Github, supposedly by a Twitter user named @q3hardcore, was for iOS 9, but much of it likely still exists in the latest version, iOS 11.”

“The code can’t be compiled because certain files are missing, but researchers and hackers who know what to look for could probe it for vulnerabilities,” Dent reports. “iPhones used to be relatively easy to jailbreak before Apple introduced the “secure enclave co-processor” with the TouchID of the iPhone 5s. Now, it’s nearly impossible for hackers to even find bugs in iOS code, making iOS exploits relatively rare, unlike in Windows and Android. As such, the iBoot leak is exposing code that hardly anyone has seen before. The iBoot dump first appeared last year on Reddit, but received little notice from the security community until it hit Github.”

Fun thing about the DMCA: it required Apple to state, under penalty of perjury, that the iBoot source code was legit: https://t.co/PKHZqcEe6h — Karl (@supersat) February 8, 2018

