Arxan Technologies VP of product, Rusty Carter says iBoot's leak could potentially allow hackers to find security holes in the smartphone, enabling them to analyse Apple's code, replicating and manipulating it for malicious goal.
When the code finally made its way to GitHub, the situation spiralled out of control considerably, though Motherboard's source says that Apple was already aware of the leak before it hit the code hosting platform - which isn't surprising given how vigilantly Apple protects its intellectual property. There are no details on how ZioShiba got the iBoot source code, but after seeing it, we're certain it's the real deal.
Protecting such large repositories of source code is hard when many employees have access, Spanier said. Similar to a BIOS, iBoot is the part of iOS that performs a series of checks and initializations to ensure a trusted boot of the operating system. The leaker hoped that the code would help the jailbreaking community circumvent Apple's notoriously hard to crack walled-garden mobile operating system.
A recent leak of iOS bootloader source code won't impact iPhone security, according to Apple. However, despite people trying to share it around as quick as possible - the source of that copy was taken down nearly immediately after a DMCA was sent to GitHub by Apple.
Levin was also able to confirm that the source code is authentic.
Security researchers are still cautioning that the outdated code could give hackers an inside look into how Apple's secret boot software works. After the code was posted, Apple quickly issued a DMCA takedown and then proceeded to downplay the threat, saying that the newer versions of iOS should be secure.
Fortunately, numerous risks associated with the leak have been mitigated.
While clarifying, the company said that the iPhone security doesn't rely on source code secrecy.
"There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections", Apple said in its statement.
iBoot is extremely important for Apple products's security.
That said, there are many who are claiming this to be the biggest leak ever in the history of iOS or even Apple.
However, security experts say it doesn't generate much risk for the average iPhone user.