IPhone source code leaked online could mean payday for hackers

Image iStock

Image iStock

The iBoot framework is a low-level piece of software on all Apple hardware running iOS - on other devices, you'd call this the bootloader or the BIOS.

A major portion of the source code for iOS 9 was leaked after an anonymous GitHub user posted it in a repository on the website. Now, it's almost impossible for hackers to even find bugs in iOS code, making iOS exploits relatively rare, unlike in Windows and Android. In fact, users who find bugs or vulnerabilities in the bootup process can receive as much as $200,000 as part of the company's bug bounty program, Motherboard reports. It is, however, the first app that runs when you turn on an iOS device, silently transitioning from a black screen to the white Apple icon to iOS's colorful Home screen.

The source code leak was considered a major security issue for Apple, as hackers could dig through it and search for any vulnerabilities on iBoot. However, security researcher Jonathan Levin confirms the code is the real deal as it matches some iBoot code he himself has reverse engineered. And yes, iOS 11 could be connected to version 9 in such a way that flaws discovered on the latter may also be executed on the former.

According to experts, this may not be too much of an obstacle for hackers and researchers as the existing code could still provide a treasure trove in terms of locating vulnerabilities and creating device jailbreaks for an iPhone or iPad. "It is not open-source", the request, filed by the legal firm of Kilpatrick Townsend & Stockton said.

Apple hasn't commented on the leak yet and it's unclear who was behind it. Grosfield said. "Apple will be scrambling to mitigate any potential risks, and the window of opportunity for malware to take advantage of that is probably pretty small". For so long, these codes have been well kept under wraps, as Apple has been very hesitant on sharing them openly with the public. iBoot, in particular, is a highly critical component.

Interestingly, the same source code was also published on Reddit four months earlier by a user named apple_internals. These days, modders are more likely to sell the exploit than release it for free to the jailbreak community.

Student forced to flush emotional support hamster down toilet
Kim Jong-un sends sister to attend Winter Olympics opening ceremony