Apple has shot down the significance of an apparent source code leak for the iPhone’s iBoot bootloader which loads the operating system. The original report flagged the source code leak as the ‘biggest leak in history’ based on one researcher’s description, but Apple has significantly downplayed any risks associated with the leak while seemingly confirming its authenticity.
Motherboard reported the leak last night after what appeared to be source code for iBoot was posted publicly online. Apple issued a takedown notice on the posted code overnight which likely confirms the code was indeed leaked, although it was accessible for hours before being taken down.
Now Apple has officially responded to the potential security risk with a statement shared by CNET:
As we speculated last night, the source code being years old from the iOS 9 era likely minimizes any risks associated with it becoming public, and Apple is saying that iBoot source code leaking would not necessarily compromise iPhone security anyway.
As ever, Apple recommends updating the latest version of iOS to ensure current security fixes are in place. Apple’s latest iOS adoption numbers show that fewer than 10% of active devices are running software older than iOS 10 with 65% on iOS 11.
Apple does take secure boot firmware security seriously, however, with the category topping out the payment amount for its bounty program aimed at rewarding researchers for discovering current flaws in Apple’s software.
As per Apple’s statement, the company likely is referring to hardware components like the Secure Enclave that help maintain privacy and security on iPhones and iPads.
