Purported iOS iBoot source code leaks, potential security issue for iPhones

Motherboard reports this evening that a GitHub user has shared the source code for Apple’s iBoot System, which is the part of the operating system that handles the trusted boot-up process.

At this point, it’s unclear where this source code came from, and its legitimacy hasn’t been 100 percent confirmed.

The source code in question is for an iOS 9.3.x release, and while you can’t compile it due to missing files, security researchers say that you can analyze it and look for security vulnerabilities on which to capitalize. While the code is for iOS 9.3.x, it’s possible that it contains portions that are still used in iOS 11.

This is the SRC for 9.3.x. Even though you can’t compile it due to missing files, you can mess with the source code and find vulnerabilities as a security researcher. It also contains the bootrom source code for certain devices.

Jonathan Levin, the author of several books on iOS and macOS development, told Motherboard that this is “the biggest leak in history,” while also vouching for the legitimacy of the code, saying “it aligns with code he reverse engineered himself.”

Levin explains that having access to the iBoot source code makes it easier for researchers to find vulnerabilities that “could lead to compromising or jailbreaking the device.”

iBoot is integral to the iOS security system, essentially verifying that the kernel is signed by Apple during boot-up. Motherboard describes it as “like the iPhone’s BIOS.” Apple treats it as a critical category for iOS, offering $200,000 for bugs found through its bounty program. That is the maximum payment the program offers, as a report last year indicated.

Ultimately, there are several things to keep in mind here. For one, it hasn’t been confirmed that this is legitimate iOS iBoot source code. While signs point to yes, we shouldn’t jump to conclusions just yet. It’s also unclear how much of this source code is actually relevant nowadays given that it’s for iOS 9.

Furthermore, it’s likely that the Secure Enclave in more recent iPhones protects against some of the potential issues that come with leaked iBoot source code.

Apple hasn’t yet commented on the leak and it’s unclear who is behind it. We’ll update if we learn more.
