“Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve,” Lorenzo Franceschi-Bicchierai reports for Motherboard.
“The GitHub code is labeled ‘iBoot,’ which is the part of iOS that is responsible for ensuring a trusted boot of the operating system,” Franceschi-Bicchierai reports. “In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.”
“The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11,” Franceschi-Bicchierai reports. “‘This is the biggest leak in history,’ Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told me in an online chat, referring to Apple’s history. ‘It’s a huge deal.’ Levin said the code appears to be the real iBoot code because it aligns with code he reverse engineered himself. A second security researcher familiar with iOS also said they believe the code is real. We don’t know who is behind the leak.”
“Vulnerabilities in previous versions of iBoot allowed jailbreakers and hackers to brute-force their way through the iPhone’s lock screen and decrypt a user’s data. But newer iPhones have a chip called the Secure Enclave Processor, which has hardened the security of the device,” Franceschi-Bicchierai reports. “For regular users, Levin added, this means that tethered jailbreaks, which require the phone to be connected to a computer when booting, could soon be back.”
Read more in the full article here.
MacDailyNews Take: It’s Christmas for the iPhone jailbreakers.
In an update, Motherboard reports that Apple filed a DMCA takedown request with GitHub and forced the company to remove the code.