Apple throws take-down notice at GitHub to remove leaked iBoot code

Apple not entirely happy about iBoot source code spillage

Apple has issued a takedown notice to GitHub after the source code for the iBoot component of iOS was leaked and posted on the code-sharing website.

The iBoot application is responsible for launching a trusted boot of iOS - the first program that starts-up every time an iPhone is turned on. It ensures that the mobile OS's kernel is approved by Apple and legitimate for use on an iPhone or iPad.

Apple keeps code like this firmly under lock and key, in a form of 'security through obscurity', as it is essential to the core functionality of iOS.

The code leaked onto GitHub claims to be designed for iOS 9 but much of it is likely to be found in iOS 11, making the leak potentially dangerous to Apple's mobile software.

Having access to such source code is one way for security researchers to find flaws in source code and report any bugs they might throw up that could potentially be exploited by hackers.

iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image... now it's wide open in source code form.

However, making the code public could allow intrepid hackers to sniff around in iBoot and find their own vulnerabilities, only instead of reporting them to Apple, they could tap into the flaws and use them as vectors of attack against iOS.

The iBoot source code could also enable programmers to eventually find a way to emulate iOS on devices other than iPhones and iPads, which would be a big thorn in Apple's closed ecosystem approach.

Two researchers have confirmed to Motherboard that the code is indeed real as they were able to reverse engineer it.

Apple iOS and MacOS specialist Jonathan Levin told the website that the iBoot posting is "the biggest leak in history".

He continued: "iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image... now it's wide open in source code form."

Thanks to the use of the Secure Enclave Processor chip in modern iPhones, jailbreaking iOS and accessing a phone's data has been made into an unattractive challenge by Apple.

But leaks of this kind potentially open up the scope for iPhone hacking and no doubt a degree of furore will be churning away in communities that love nothing more than getting stuck into a piece of private code.