Apple has bad news for their more than 700 million iPhone users around the globe. A version of the code that allows iOS devices like iPhones and iPads to boot-up has been leaked on the web-based hosting service GitHub. Apple just about confirmed the leak by sending GitHub a Digital Millennium Copyright Act takedown notice and making the site remove the code just 13 hours after Motherboard broke the news on February 7, 2018.
The leak released the source code for iBoot, the very first program that runs when a device is turned on. The source of the leak is unknown, but you can imagine Apple will be cleaning house to find the culprit. The code’s widespread availability on GitHub means that hackers likely already have their hands on it.
Is this this leak really such a big deal, given that computer-savvy folks are able to reverse engineer code all the time? The unfortunate answer is yes. Apple tends to keep its source code secret, because the code can provide insight into system vulnerabilities.
What’s the Damage?
While the leak certainly isn’t good for Apple, it could be worse. The version posted on GitHub was supposedly iOS 9, a previous version of Apple’s operating system. This means that updated devices are not completely at risk to vulnerabilities hackers might find in the source code. However, Apple could have co-opted elements of its previous operating systems in the current software, so parts of the iOS 9 code may be used in iOS 11.
Exactly what hackers are able to do with the leaked iBoot will depend on what security flaws are present in the source code, if those flaws have been retained in new versions of the operating systems, and whether those flaws can be exploited.
More than likely, hackers may have an easier time jailbreaking, or removing imposed software restrictions, on iOS devices. Again, the typical iPhone user is probably not in any danger, thanks to Apple’s recent security upgrades on their devices.
In an increasingly digital age, keeping our devices — and the private data we entrust them with — safe needs to be a top priority. There have been a number of high profile hacks in recent memory, so news like this will certainly cause Apple a lot of grief. Here’s hoping they plug the leak before something like the iOS 11 source code makes its way onto the internet.