Yesterday’s leak of the iOS 9 source code for older iPhone devices apparently raised some concerns amongst iPhone and iPad users that their devices might not be as secure as the company advertises.
Motherboard was the first report the leak of the iBoot – a component of iOS that makes sure all apps and other software installed on Apple’s devices are secure when they boot up, and nothing was changed in any way – source code for Apple’s iOS 9 operating system for iPhone, iPad, and iPod touch devices last night. Surprisingly, the leaked source code was hosted on GitHub.
Apple immediately removed the leaked iBoot source code from GitHub, but it was available enough for some curious coders to take a look a realize that it’s not as secure as Apple says, and it could help jailbreakers to create new jailbreak tools. However, Apple was quick to deny these allegations in a statement to CNET, saying updated devices are secure “by default.”
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections,” Apple said in a statement.
Leaked iBoot source code is from more than two years ago
Because the leaked iBoot source code posted on GitHub is from more than two years ago, we have all the reasons to believe Apple’s statement above that up-to-date iPhone, iPad, and iPod touch devices are secure “by design.” The company even put a $200,000 USD award at stake for anyone who can find a vulnerability in the iBoot component.
In addition, the Cupertino-based company urges all iPhone, iPad, and iPod touch users to update their devices to the latest iOS operating system release, which is version 11.2.5 at the moment of writing, and always keep their devices up-to-date when new iOS versions are available. Apple also said that the security of its devices relies on several layers, not just the source code.