“Apple has responded to security concerns surrounding leaked iPhone source code, pointing out that any potential vulnerabilities would be outdated,” Alfeed Ng reports for CNET. “‘Old source code from three years ago appears to have been leaked,’ Apple said in a statement, ‘but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.'”
“The iBoot source code for iOS 9, a core part of what keeps your iPhones and iPads secure when they turn on, was leaked on GitHub, Motherboard first reported,” Ng reports. “Apple had used a DMCA notice to get the Github page hosting the leaked code taken down, but multiple copies of the code have already spread online.”
“The leaked source code from iOS 9 was first released in 2015. Only 7 percent of iOS devices are running a version older than iOS 10, which came out in September 2016, according to Apple,” Ng reports. “‘The iBoot code that was leaked is for an older iOS, so whatever bugs people find may not be relevant anymore,’ said Michael Borohovski, co-founder of Tinfoil Security.”
Read more in the full article here.
MacDailyNews Take: The “good” news in this was always that the leaked code was rather old. Do you have any devices that still run iOS 9? People certainly are, as 7 percent of 1.3 billion active devices worldwide is 91 million.
SEE ALSO:
Apple took it down via a DMCA, but iOS iBoot code is now in the wild – February 8, 2018
iOS source code leak could be the worst Apple’s ever had to deal with – February 8, 2018
Key iPhone source code gets posted online in ‘biggest leak in history’ – February 8, 2018
Apple’s iOS 12 could finally fix systemic frame rate issues and interface inconsistencies – January 30, 2018
Apple delays planned 2018 iOS features to focus on reliability, performance – January 30, 2018
Why Apple desperately needs a new Steve Jobs – January 29, 2018
But the stock drop will be updated, I hope.
The code may be ‘old’ but are we going to assume that it has been so significantly changed that it is not a security risk? I don’t know many development groups that build similar software components completely from scratch under such a short period.
someone thought leaking it was deviously valuable and Apple’s haste in pulling it doesn’t quite fit with the laissez-faire statement above.
Just like I thought, and said as much earlier today. The boot sequence is now totally different, and even if it does effect iOS devices running iOS 9, it would only effect versions older than 9.2.1 on hardware that doesn’t have secure enclaves. That number has to be incredibly small. Once again, this is a leak but has been blown out of proportion like normal.
Yay! Apple answers. Thank gawd.