Apple’s iPhone ‘iBoot’ source code leak

Someone has posted to GitHub the purported source code for a critical component for iPhone’s bootloader or “iBoot.”

Access to iBoot code could allow hackers to find vulnerabilities in iOS that could be exploited in the future. iBoot is responsible for ensuring the trusted boot of the mobile operating system, in a sense like iPhone’s BIOS.

The leak was described by one security expert  Jonathan Levin as “the biggest leak in history.” Levin said the code appears to be real iBoot code based on previous experience of re-engineering similar code. 

Motherboard reported the leaked source code was for older iOS 9, although parts of the code could still remain in the latest version of iOS 11.

No one knows who leaked the code on GitHub, but Apple sent a DMCA legal notice to GitHub demanding the iBoot code get removed. GitHub removed the code soon afterwards. 

This helps serve as a reminder that company’s should restrict access to company source code, such as use of GitHub Enterprise, instead of GitHub.com used for public open source code. 

Leave a Reply