Leaks are happening literally every day, it seems. Regardless of what is leaked, in my opinion, a leak is bad. It suggests security issues. So even if the information isn’t really that personal or that private, I think it’s a bad sign. The leak I’m about to explain to you is no different. Critical, top-secret Apple code for iOS was recently posted on Github. This opens an extremely dangerous avenue for hackers and jailbreakers to be able to access a device. Or does it?
The code, known as iBoot, has been since pulled, but Apple all but confirmed it was the real deal when it issued a DMCA takedown to Github. iBoot is the iOS code that ensures a secure boot by loading and checking that kernel is properly signed by Apple before running the OS. The version that was posted to Github, supposedly by a Twitter user named @q3hardcore, was for iOS 9, but much of it likely still exists in the latest version, iOS 11.
The good news? The entire code can’t be compiled because certain files are missing, but researchers and hackers who know what to look for could probe it for vulnerabilities. If we look past the vulnerability side of it and just look at it from a jailbreak perspective, is this really a bad thing? I am a bit of a rule follower, as I’ve mentioned on here before, so part of me wants to say yes. But there’s another part of me that likes to push limits and boundaries thinks it’s not entirely a bad thing.
iPhones used to be relatively easy to jailbreak before Apple introduced the “secure enclave co-processor” when they created TouchID on the iPhone 5s. Which has been making it nearly impossible for hackers to find bugs in the iOS code. Therefore iOS exploits relatively rare, unlike in Windows and Android. This is definitely a good thing for Apple, but not so good for people who are wanting to find vulnerabilities in order to jailbreak. People are shocked because this is code that no one has ever seen before.
The funny part about all of this is that iBoot actually first appeared on Reddit last year. But it didn’t receive much by way of notice, until it appeared on Github. Is this even a big deal? I mean, sure, people probably saw it, but were using it to their advantage and keeping quiet on it. It’s like when you somehow see the test answers in the room where you’re taking the test. You don’t draw attention to it. You just use that to your advantage, don’t you? Or is that just me? So maybe this is why we’re seeing more options to jailbreak iOS now than we have in a few years?
Apple does offer a $200,000 bounty for iOS vulnerabilities, which is quite high. If researchers are able to use this leak to identify any bugs, they could be looking at a big payday. Would you rather work with Apple, and get that money, or work against them for a jailbreak? That’s likely a personal preference and certainly remains to be seen. But it certainly needs to be considered. This might actually end up being good news for Apple. But it could also be good news for people trying to expose vulnerabilities. Stay tuned!