Source code for what is claimed to be the iBoot component of Apple's iOS, software that handles secure booting of the operating system, was published on GitHub by an unknown party on Wednesday, a development that could lead to the discovery and exploitation of currently unknown vulnerabilities.
According to Motherboard, the GitHub code is labeled "iBoot" in reference to Apple's iBoot subsystem that ensures an authenticated boot, or initial loading, of iOS on a target device. The code is responsible for verifying iOS kernel signing, as well as performing other critical tasks related to loading the mobile operating system.
While the authenticity of the source code, pulled from a version of iOS 9, has not been verified, security expert Jonathan Levin said it appears to line up with code he reversed engineered. A second unnamed researcher also believes it legitimate, the report said.
Calling it "the biggest leak in history," Levin said the source code presents an opportunity to discover new vulnerabilities that could potentially lead to a new era of tethered jailbreaks, which require an iPhone be connected to a computer while booting. Of course, these same unpatched vulnerabilities might also be leveraged for more nefarious activities like cracking locked iPhones or creating iOS emulators, Levin said.
"iBoot is the one component Apple has been holding on to, still encrypting its 64 bit image," Levin said. "And now it's wide open in source code form."
Researchers and criminals alike have in the past relied on iBoot vulnerabilities to crack iPhone's notoriously hardened outer security shell, but recent hardware advancements like Apple's Secure Enclave Processor have made such endeavors nearly impossible.
As noted by the report, Apple regards boot process code as extremely sensitive information. The company's bounty program, for example, classifies secure boot components as a top-tier vulnerability, paying out $200,000 for each reported bug.
Interestingly, the same source code made public today was posted to Reddit some four months ago by a user going by the name "apple_internals," but the thread failed to gain traction and was quickly buried. With the code now available for perusal on GitHub, however, it is more likely that jailbreakers and other interested parties are parsing through the data in hopes of unearthing useful information.
How the purported iBoot code affects current iOS versions is unclear, though modern iPhones and iPads are likely protected from most vulnerabilities deduced from the source code. Beyond security protocols like the Secure Enclave, it's worth noting that the supposed iBoot version published to GitHub is from iOS 9. While certain code points might have been carried through to iOS 11, it is unclear if those assets make the current OS vulnerable.
That said, it is impossible to triage the situation without a full breakdown of what vulnerabilities, if any, are in the purported iBoot code and how said bugs impact modern iOS iterations. The latter part of that equation involves a substantial amount of trial and error, as Apple's boot loading code is not open to public scrutiny.
Apple has yet to comment on the matter.
20 Comments
Things like this really piss me off. I hope someone ends up in jail and bankrupt.
Information wants to be free.