Key iPhone source code gets posted online in ‘biggest leak in history’

“Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve,” Lorenzo Franceschi-Bicchierai reports for Motherboard.

“The GitHub code is labeled ‘iBoot,’ which is the part of iOS that is responsible for ensuring a trusted boot of the operating system,” Franceschi-Bicchierai reports. “In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.”

“The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11,” Franceschi-Bicchierai reports. “‘This is the biggest leak in history,’ Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told me in an online chat, referring to Apple’s history. ‘It’s a huge deal.’ Levin said the code appears to be the real iBoot code because it aligns with code he reverse engineered himself. A second security researcher familiar with iOS also said they believe the code is real. We don’t know who is behind the leak.”

“Vulnerabilities in previous versions of iBoot allowed jailbreakers and hackers to brute-force their way through the iPhone’s lock screen and decrypt a user’s data. But newer iPhones have a chip called the Secure Enclave Processor, which has hardened the security of the device,” Franceschi-Bicchierai reports. “For regular users, Levin added, this means that tethered jailbreaks, which require the phone to be connected to a computer when booting, could soon be back.”

Read more in the full article here.

MacDailyNews Take: It’s Christmas for the iPhone jailbreakers.

In an update, Motherboard reports that Apple filed a DMCA takedown request with GitHub and forced the company to remove the code.


    1. Adam Schiff is a National Security guy- stop playing Trump politics with the facts of the matter.
      Not a particular fan of Schiff, but the Trumpies are trying to stir up shit to discredit the investigation into TrumpWorld.

      1. Yeah, because:
        1. malicious hackers only get their info via mainstream news sources; and
        2. people who don’t code might be encouraged to learn how to hack by reading a generic news story about this.

        News organizations should definitely pretend both those things are true, and pretend they can hide information like this by just not publishing stories about it.

        Brilliant logic, auramac.
        Just another person who seems to believe that hard realities about how the world works can be avoided by pretending they aren’t true.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.