Yesterday, anonymous developers uploaded the source code for core iOS components to GitHub. The code could help hackers and security researchers find iOS vulnerabilities and put the iPhone at risk. Git address: Github.com/h1x0rz3r0/i…



However, on the morning of the 8th, I could not see the relevant source information; the project has been turned private. You can check the following link for relevant information:

Github.com/github/dmca…

iBoot is one of the key pieces of iOS source code, and the leaked code was marked as “iBoot” on GitHub. It ensures that the operating system can be trusted to boot. In other words, it is the program that loads iOS: it is the first process that runs when the iPhone starts, and it loads the kernel, verifies that the kernel is properly signed by Apple, and then executes it. It is like the BIOS on a Windows PC.

This code is for iOS 9, but some of it may still be in use in iOS 11. Although some iOS and macOS code has gradually been open-sourced in recent years, Apple has by nature been very reluctant to release source code to the public. Apple has also paid close attention to the security of iBoot and the confidentiality of its code, offering a bounty of up to $200,000 to anyone who reports bugs in the startup process. “This is the biggest bug in iOS history, and it’s going to be a big deal,” said Jonathan Levin, author of a series of books on iOS and Mac OS X internals.

Levin says the code appears to be genuine iBoot code because it is consistent with code he reverse-engineered himself. Another security researcher familiar with iOS also said they believe the code is genuine, but they don’t know who leaked it, and Apple has so far not responded.

With access to iBoot’s source code, iOS security researchers can more easily find vulnerabilities that could lead to a device breach or jailbreak, Levin said. That means hackers can more easily find vulnerabilities and bugs that allow them to crack or decrypt iPhones. This leak could perhaps even end up allowing advanced programmers to emulate iOS on non-Apple platforms.

A bug in previous versions of iBoot allowed crackers and hackers to decrypt a user’s data through the iPhone’s lock screen. But new iPhones have a chip called the Secure Enclave Processor that makes the device more secure.

For the average user, this means jailbreaking is easier, Levin added. Jailbreaks used to be common and relatively easy to carry out, but they are now very difficult on the latest iOS devices. These devices have advanced security mechanisms that make it hard for even highly skilled researchers to find bugs, because they need to jailbreak the device before they can even start probing it.

These security improvements have effectively killed the once-popular jailbreak community in its infancy. Finding bugs in iOS now takes a lot of time and resources, so the bugs that are found are very valuable. That’s why the jailbreak community gets excited about leaks of source code or any publicly released vulnerabilities.

The source code first appeared last year, posted by a Reddit user named apple_internals on the Jailbreak subreddit. The post didn’t get much attention because the user was new and didn’t have enough Reddit karma; the post sank quickly. But its reappearance on GitHub means it could circulate widely in the underground jailbreak community and the iOS hacking community.

“iBoot is a component that Apple has been insisting on, and they’re still encrypting its 64-bit code,” Levin said. “Now it’s available as source code.”



Motherboard.vice.com/en_us/artic…