iBoot leak: Central part of Apple iPhone operating system leaks online
There's no immediate threat to users, but the leak will be deeply worrying to Apple
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.One of the most important parts of the software powering the iPhone has been leaked.
iBoot, which makes sure that the phones start up properly, has made its way online. Such software is usually entirely locked down and leaks could allow hackers to break into the most sensitive parts of the iPhone and iPad.
The iBoot source has found its way online, but since been taken down. The code is old and it's unlikely that hackers could use it to break into a device, but the very fact that it has been leaked will be worrying for Apple.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code," Apple said in a statement. "There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections."
Initial reports referred to the leak as potentially the biggest in history. But the code is old, mostly useless and probably doesn't pose any risk for reasons laid out by Apple.
Still, leaks of and bugs in the firmware that powers phones as they turn on is taken incredibly serious by Apple, since it is one of the most sensitive things the phone does. It is the most valuable category in Apple's bug bounty programme, which pays out rewards to researchers who find potentially dangerous problems with its products.
And Apple's operating system source code is supposed to be entirely locked down and never leave the company. It is not just a central part of its commercial secrets, but reading through the code that powers the iPhone could allow malicious attackers to find holes they could exploit to attack phones.
It's the first time that such code has become public, after it was posted on Github, a site that stores files of this kind. It's not clear who it was posted by and it has now been taken down after Apple filed a copyright request with the site.
The leak has led to fears that more information could be available in private. The files posted to Github are thought to have been passed around security researchers for some time before they were made public, suggesting that yet more code could be available but not have yet made its way into the open.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments