How Harmful Is the iOS 9 Source Code Leak?

Monday, 12 Feb, 2018

According to the Bloomberg article, the only feature to expect on the iPad in iOS 11 is for Apple's Animoji characters to arrive on the iPad (which would match with rumors suggesting that Face ID is coming to the tablet).

Security researcher Karl Koscher noted on Twitter early this morning that, to invoke DMCA protections, Apple had to state, "under penalty of perjury, that the iBoot source code was legit".

While Apple will continue to publicly release new iOS versions every year, inside, the software team will have a new two-year plan that will allow more time for testing and it will have more freedom to push features that are not yet fully ready for next year. The source code was first posted onto GitHub, which had since been removed. On Android, apps can get updated independently of the big Android software version update, while for iOS the big fall release of the new version is when all apps are updated and this puts a very tight time constraints on devs. "But it has taken particular care to keep iBoot secure and its code private; bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000".

According to Motherboard, the Apple employee originally took the code while working for the Cupertino giant in 2016.

Apple said it is not too anxious about the iPhone source code being leaked. Apple did send a copyright notice and said that this source code, which is "iBoot" is proprietary. While Apple maintains that the security of its products doesn't depend on secret code, the leak was still embarrassing, and a future leak of more source code could have more dire consequences.

Some developers and other experts called the leak 'unprecedented, ' and warned that the code could be used to jailbreak or hack iOS devices. Even though the iPhone source code was for iOS 9, there is still some parts of the source code that are possibly being used in iOS 11.

Apple has bad news for their more than 700 million iPhone users around the globe.

He acknowledged the leak could make it easier for hackers to find vulnerabilities in Apple's operating system, but added that the source code's age makes it likely such bugs have already been found by people trying to build iOS jailbreaks. The problem was that this employee had friends in the jailbreaking community who encouraged the employee to leak to the code to them for security research. We do not know for sure though or have any details about who leaked this information on GitHub.