Apple’s Trusted-Boot-Routine “iBoot” leaked on GitHub
Apple keeps its source code well under wrap (as any company should) and so it was probably a surprise to everyone, when yesterday – all of a sudden – the iBoot code was found on GitHub, leaked by an unknown person. The best thing though is that the leak is not even new: Apparently jailbreakers and other individuals have been having a go at the code for a couple of months already.
What is iBoot?
First of all rest reassured, keep calm, and carry on: the code is old. It comes from iOS 9 which was released in September 2015, so you’ll not find it in the same iteration in iOS 11 anymore.
iBoot is responsible to make sure that only specially signed code from Apple is getting loaded into your iOS. It’s also the part of your boot up routine that will send you to the lock screen. This makes it one of the first processes that’s being initiated when you start up your Apple device, making sure that everything with your operating system is in order and that it is indeed from Apple as well as unmodified.
What does the leak mean for you?
If you are afraid that your device is now prone to being hacked or hijacked you can relax, there is no immediate danger. As stated before the code is rather old already and most people have updated their phones by now, with only 7% of the users using iOS 9 or lower according to Apple.
Nonetheless the code might still be used by Apple today – at least to some degree. This would mean that skilled individuals, be it black, white, or grey hats could comb through it and look for security vulnerabilities in the sources, which could then be exploited in iOS 11. Does that sound scary? Luckily it should not be possible to compile the leaked code from Github, because some files are missing. On top of that Apple also uses a secure element called “The Secure Enclave Processor” for security in all of its current devices which should help eliminate further threats.
What are the consequences if there are any at all?
“The code of Apple’s Trusted-Boot-Routine iBoot comes from iOS 9 and could still be interesting for hackers as it is conceivable that Apple still uses parts of it today. It probably will enable a new jailbreak variant soon.” says Alexander Vukcevic, Director Avira Virus Labs.
Jailbreaks rely on vulnerabilities, so the release of the code – and especially this part of the code –will probably make it possible to see a comeback of the tethered jailbreak variant soon, something that has been quenched almost out of existence thanks to Apple’s additional layers of security and its business strategies.
By the way, just a couple of hours after its publication on GitHub, Apple sent a DMCA notice for the iBoot code to be taken down again.
This article is also available in: German