iOS bootloader
The leak could be of value to “jailbreakers” who install third-party software on iPhones and iPads. There are also concerns it could uncover new security vulnerabilities in iOS, which may be found by attackers. The code comes from a low-level iOS component called “iBoot” which is a trusted part of the platform.
iBoot acts as a bootloader for the rest of iOS. After an iPhone or iPad is turned on, iBoot loads and begins to start the main iOS processes. It’s responsible for verifying the kernel is genuine and then commencing its execution. Without iBoot, iOS wouldn’t be able to start.
The leak is significant because of iBoot’s role in the wider iOS platform. As one of the earliest components to start up, it has access to the entire system and the processes that run on it. It also supports provisioning over a cable, which could allow iOS hackers to interact with it and load custom code.
The release, presumably made by an Apple insider, has been described by iOS expert Jonathan Levin as “the biggest leak in history.” Levin has written books on the internals of iOS and Mac OS X and said the code aligns with sections of iBoot he’s reverse-engineered.
Apple isn’t prone to open-sourcing its code, so most understanding of iOS’ internals has been acquired through reverse-engineering attempts. Apple keeps iBoot under a particularly close guard because of its low-level nature and role in the operating system. Bugs in the iOS boot process are the most valuable ones covered by the company’s bug bounty program, receiving a maximum payout of $200,000. They may be easier to find now that the iBoot source has been distributed.
“Not open-source”
The code was uploaded to GitHub by a user account known as “ZioShiba.” It was public on the site for a short while until Apple submitted a DMCA takedown request, which was accepted by GitHub.
The repository has now been removed from public view on the Internet. Although Apple hasn’t directly commented on the breach’s authenticity, its expedited DMCA request strongly implies the source was genuine code.
“[iBoot] is responsible for ensuring trusted boot operation of Apple’s iOS software. The ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source,” said Apple in its request, through lawyers Kilpatrick Townsend & Stockton LLP. “Please act expeditiously to disable the content found at the following repository (and any related forks).”
Although the source was only available for a short time, it’s likely that hundreds of people viewed and downloaded the material while it was available. Apple is now having to follow up with takedown requests against scores of users who are independently re-uploading the code. Its latest DMCA notice lists over 200 GitHub repositories which the company wants disabled in relation to the iBoot leak.
