Source code for iOS' trusted boot leaked online

09 February, 2018, 02:00 | Author: Pamela Mathis

To get the repository taken down, Apple leveraged the Digital Millennium Copyright Act (DMCA), filing a notice with GitHub about the offending code.

According to Motherboard, this code actually appeared first on Reddit late last year before being posted to GitHub, but was initially ignored due to the user's short posting history. The source code could enable jailbreakers and hackers to discover vulnerabilities in iOS and gain new, unauthorized ways to access the system.

The leak could also make it easier for security researchers to find and report flaws to Apple. Apple offers up to $200,000 (1 crore) for bugs found through its bounty program.

Apple's source code for iBoot, the part of iOS that ensures a trusted boot of the iPhone's operating system, has purportedly been leaked to GitHub, giving hackers a deeper look at the inner workings of the Cupertino company's closed garden. This component verifies that iOS is loaded correctly every time and checks that the kernel is signed by Apple.


The code in question is for a version of iOS 9.3, which was released in spring 2016 and brought features such as Night Shift and various other improvements.

It's not the first time that someone has posted iBoot's code online; Motherboard also discovered that the code was published to the site Reddit by a user named "apple_internals" last year.

Jonathan Levin, who has written books on iOS and Mac OS X internals, described the leak as a "huge" deal on Twitter. "But by design the security of our products doesn't depend on the secrecy of our source code". Another security researcher told the scribe that they believe the code to be real as well. As Motherboard points out, this same code was posted on Reddit in September, but it went effectively unnoticed. The version that made its way onto GitHub came from iOS 9, but much of the code likely still exists in iOS 11. "It is not open-source". We currently don't know who is behind the leak, and Apple declined Motherboard's request for comment.

It is very likely that the code had already been spotted and was circulating in the jailbreaking and hacking community.


