Home / Cyber Risk / Does Apple knew about iOS source code leak?

Does Apple knew about iOS source code leak?

A confirmation made by Apple shows that it was aware of a source code leak that could have compromised iPhone's security system and has approached the popular web-based hosting service GitHub to remove the code.

An Apple employee according to Motherboard, Apple knew of the leak before it was posted on GitHub but he did not mention when exactly it happened.

Apple reiterate that the leak of the iBoot source code is not a security risk for most users. This many Internet security conscious users find embarrassing and disgusting by a giant of tech industry.

"Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code.

"There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections," the company was quoted as saying.

A user on GitHub nick named "ZioShiba" published the source code on February 7.

The iBoot code was basically for iOS 9, but it could help iOS security researchers and the jailbreak community find vulnerabilities in the iPhone locked-down ecosystem.

A friend of the Apple employee who helped in releasing the source code that helps in development of the iBoot was quoted as saying;

"He pulled everything, all sorts of Apple internal tools and whatnot," a friend of the intern was quoted as saying.

According to the people, they never wanted the code to leave the group ever but eventually, the code was shared widely and the original group lost control of its dissemination.

"We personally never wanted that code to see the light of day. Not out of greed but because of fear of the legal firestorm that would ensue," they said.

"It can be weaponised. There's something to be said for the freedom of information, many view this leak to be good. [But] information isn't free when it inherently violates personal security," the group said.

"We did our best to try to make sure that it got leaked [only after the code] got old," they added.

Some allied members of the employee posted the screenshots of the leak and boasted about them after the code gone public.

The screenshots were shared on Reddit which was automatically deleted by Redditch.

"None of this was ever supposed to leave a handful of people, what's happened is quite disastrous," one of the people who originally received the code said, adding that the original intentions were non malicious.

Leave a Reply

%d bloggers like this: