Archivio di tutti i clip:
(Notebook di Evernote).
Apple Facing Security Nightmare as iOS 9 Source Code Leaks
The iBoot source code, which handles loading and verifying iOS, was uploaded to GitHub.
Apple is facing a potential security nightmare after iOS 9 source code was uploaded to GitHub by an unknown individual or group.
As Motherboard reports, it has since been removed after Apple filed a copyright takedown request, but once things are on the internet, it’s hard to control. It was actually first posted last year on Reddit, but mostly went unnoticed since the user wasn’t a frequent poster.
Apple iOS 9 is old, you may think, as we’re now up to iOS 11, but that doesn’t mean parts of the iOS 9 code aren’t still in use. As Motherboard explains, the situation is made worse for Apple because the source code that did leak is for iBoot.
Apple uses iBoot to handle booting iOS when you first turn on your iPhone. It is the first process to run, and it verifies iOS has been properly signed by Apple. In other words, it’s the first security check performed by Apple, meaning the code will be of great interest to hackers who would like to jailbreak newer versions of the mobile operating system.
Jonathan Levin, author of a trilogy of books on macOS and iOS internals, tells Motherboard that the source code leak is “the biggest leak in history” and “a huge deal.” He checked the code and believes it’s the real iBoot code used by iOS 9. It’s also worth noting that Apple’s bug bounty program pays out the most money ($200,000) for vulnerabilities discovered in the boot process. According to Levin, this leak means tethered jailbreaks could soon re-appear for iOS.
Apple’s iBoot team is no doubt now reviewing what exactly leaked, what if anything it could reveal in terms of security vulnerabilities, and how to best mitigate any future hacks with an update to iOS 11.