Apple iPhone source code leaks on GitHub

By , on
Apple iPhone source code leaks on GitHub

Apple's reputation as a provider of operating systems that are more secure than the alternatives has taken a hit with the iOS source code for the iPhone understood to have been posted online.

The purported iPhone operating system code was posted on code-sharing site GitHub and was reportedly removed after a request from Apple that cited copyright law.

Apple filedDigital Millennium Copyright Act (DMCA) notice, indicating it had been "injured by a violation of the US Copyright laws" and forcing GitHub to remove the code.

The move by Apple would seem to confirm the authenticity of the code.

According to the DMCA notice filed by Apple, the leaked content was "reproduction of Apple's 'iBoot' source code, which is responsible for ensuring trusted boot operation of Apple's iOS software.

"The 'iBoot' source code is proprietary and it includes Apple's copyright notice. It is not open-source."

The so-called iBoot source code is involved in securely booting up iPhones, and was actually a part of iOS 9 – although it's likely to still be a part of the current version of iPhone operating system software, iOS 11, according to Motherboard.

Apple did not immediately respond to CRN USA's request for comment.

In a statement shared with MacRumors, Apple said: "Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections."

Reputational damage

The exposure of the code raises the risk of hacking and jailbreaking activity related to Apple's iPhone, and lands another blow against the narrative that Apple's software is virtually impervious to security threats.

"This is a significant situation for Apple, who differentiates itself on being a closed, highly secure platform," said Jay Gordon, vice president of sales at Plano, Texas-based Honeywell Enterprise Mobility, speaking to CRN USA.

Unlike with Android software and devices, "Apple owns all aspects of the hardware and software on its platform, which gives them an edge in being able to manage threats and vulnerabilities," Gordon said.

"This development proves that third-party security software from the likes of MobileIron, AirWatch, SOTI and others remains a needed part of any mobility strategy to thwart jailbreaking and intrusions to the enterprise."

He added, "I am positive that Apple is already working on a solution to ensure this does not occur again."

Other recent Apple security issues included a bug in macOS High Sierra that allowed access simply by typing in the username "root," as well as the so-called "Fruitfly" malware, which could be used for such surveillance activities as taking webcam photos and capturing keystrokes.

Mac users saw a 240 percent increase in malware during the first three quarters of 2017, according to cybersecurity vendor Malwarebytes.

In terms of iPhone security, a cyberattack that could involve taking over an iPhone user's camera and microphone if a user clicked a text message link was revealed in August 2016.

That same month, Apple revealed a bug bounty program to pay researchers that uncover security vulnerabilities in its products, in an admission by Apple that its products are not immune to security issues.

This article originally appeared at crn.com

Copyright © 2018 The Channel Company, LLC. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Are recalls an effective solution for defective IT hardware?
Yes
No
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?