Source code for iBoot, a key component of iOS 9, has been leaked to GitHub and urgently removed.
Recently, source code for iBoot, part of the iOS system known for its security, was leaked and published on GitHub. This is close to the biggest security incident iOS has ever encountered. Hackers can use this source code to discover iOS vulnerabilities, making jailbreaking easier.
After the news broke, Apple quickly contacted GitHub to have the source code deleted, but the many copies circulating on the Internet may never be completely removed.
iBoot is a key component of iOS system security. It is the first software to run when an iOS device is started. It checks the integrity of the platform and whether the kernel is correctly signed. iBoot is therefore very important to iOS. As part of its bug bounty program, Apple is even willing to pay up to 0.2 million US dollars for the discovery of iBoot vulnerabilities.
The leaked source code comes from iOS 9.3.x. Although the latest version of iOS is now iOS 11, many users are still running iOS 9, and some of the code may still be included in iOS 11, so hackers can analyze the source code to find security vulnerabilities.
Apple's request to delete the source code also appears to confirm the authenticity of the leak. Apple said:
According to these laws, the files in the following repositories identified by URLs are invalid because, except for other matters, these files provide for the distribution of copyright items without the authorization of the copyright owner;
Copy the source code of Apple's "iBoot" to ensure the trusted boot operation of Apple's iOS software. The source code of "iBoot" is proprietary, including Apple's copyright statement. It is not open source.
The iBoot source code on GitHub has now been deleted, but copies are being shared among jailbreak enthusiasts through private file-sharing websites (such as Mega.nz). New copies of the leaked source code also pop up on GitHub every few hours.
Security researchers revealed that the code was actually leaked four months ago. At that time, a user shared a link on Reddit, but the post was automatically deleted when the user published it, so it went unnoticed.
However, some security experts hold a different opinion. They do not think this leak will have much impact, because iBoot is often reverse engineered as part of routine troubleshooting and research. Inaccurate copies have circulated over the past few years, and this incident is clearly somewhat overhyped.
For ordinary users, upgrading the iPhone to the latest version of iOS can effectively reduce security risks. FreeBuf will continue to follow this iBoot source code leak to see how Apple responds and what measures it takes to reduce risks.
* Source: thehackernews and bleepingcomputer