Portions of the source code for iBoot, the iOS boot component, mysteriously appeared on GitHub this week. The material has already been taken from there, but a question has arisen: is the code legitimate? For TechCrunch and other vehicles, Manzanita He said the code seemed real, but at the same time adopted a reassuring tone.
There would be no point in denying it. As soon as Apple found out about the problem, it made a formal request for the immediate removal of the source code from GitHub on the grounds that the material is related to intellectual property. It worked – the code was available for a short time. But the removal request practically confirmed its legitimacy.
Apple also stated that, as already mentioned, the source code is related to iOS 9.3 iBoot. Also, the leaked code is not complete. However, the incident raises some concerns: who guarantees that iOS 11 current no He has reused at least part of the old iBoot?
Apple did not comment on this, but the company explained that the security of its products does not depend on the secrets built into the source code: there are several layers of hardware and software security behind each device.
Apple is probably telling the truth. The boot is a sensitive part of the security of the operating system, so it must be well protected. The fact that in recent years the company has implemented mechanisms that make jailbreak extremely difficult indicates that the security of the platform is treated with the expected seriousness.
There is a chance that the leaked code will reveal some iOS security secrets or facilitate the creation of jailbreak tools. But for Will Strafach, the security expert consulted by TechCrunch, the chances of problems for the end user are very small.
Eventually, the leaked code will certainly be analyzed, and from there Apple will identify the critical points to take precautions, if necessary. It will be difficult to discover the most interesting part of this story: How did fragments of the fonts of a company so preoccupied with protecting its technology end up in someone else’s hands?