Collaboration, transparency

Your Feed is from https://www.safeharboroncyber.com/Blog/
CyberWisdom Safe Harbor Commentary on Apple iBoot code
A recent story from thehackernews.com focuses a surprising situation on the source code for the core components of the Apple iPhone operating system is said to have been leaked on GitHub, which could allow hackers and researchers to discover a now unknown zero-day vulnerability in order to develop ongoing malware and iPhone jailbreak.

The source code seems to be iBoot – a key part of the iOS operating system that takes care of all security checks and ensures that trusted versions of iOS are loaded.
In other words, it’s just like the iPhone’s BIOS. As long as you turn on your iPhone, it ensures that the kernel and other system files have been fully signed by Apple and will not be modified.
The iBoot code was originally shared online a few months after Reddit, but it just reappeared on GitHub today (the repository is now unavailable due to the DMCA removal). Motherboard consulted a number of security experts to confirm the legitimacy of the code.
However, it is unclear whether the iBoot source code is completely real, who is behind this major vulnerability, and how the leaker managed to get his / her code first.
The leaked iBoot code appears to come from a version of iOS 9, which means the code is not completely related to the latest iOS 11.2.5 operating system, but parts of the iOS 9 code may still be used by iOS in iOS 11.
“This is a 9.x SRC that you might get confused with the source code to find vulnerabilities as a security researcher and even bootrom source code for some devices … even if it’s not possible to compile due to missing files …” Twitter said.
Leaked source code was listed as “the biggest loophole in history” by many of the book authors Jonathan Levin inside iOS and MacOS. He said the leaked code appears to be the real iBoot code because it matches the code that he decompiled himself.
Apple has opened up some of the macOS and iOS parts in recent years, but the iBoot code has been carefully kept secret.
As Motherboard points out, the company has iBoot as an integral part of the iOS security system and classifies the secure boot component as a top-level vulnerability in the loophole-bounty program, providing $ 200,000 for each reported vulnerability.
As a result, leaked iBoot code can present a serious security risk as hackers and security researchers dig deeper into the code to look for undisclosed vulnerabilities and write persistent malware vulnerabilities such as rootkits and bootkits.
In addition, jailbreakers can find useful stuff from the iBoot source to jailbreak iOS and provide a wired jailbreak for iOS 11.2 and later.
It is worth noting that newer iPhone and other iOS devices come with Secure Enclave to prevent potential problems with the leaked iBoot source code. So, I really suspect the leak code will be of great help.
Although Github has disabled the repository hosting the iBoot code after the company issued a DMCA takedown notice, Apple has not commented on the recent leak. However, the code is already there.

Read more…

Apple source code for a core component of iPhone’s operating system has purportedly been leaked on GitHub, that could allow hackers and researchers to discover currently unknown zero-day vulnerabilities to develop persistent malware and iPhone jailbreaks. The source code appears to be for iBoot—the critical part of the iOS operating system that’s responsible for all security checks and Engaging post, Read More…
thumbnail courtesy of thehackernews.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post

(adsbygoogle = window.adsbygoogle || []).push({});

The post iPhone – Apple iBoot Source Code Leaked on Github appeared first on Safe Harbor on Cyber.

Powered by WPeMatico

convert this post to pdf.
Be Sociable, Share!

Ad