SurfEasy's top priority is to the health and safety of our support staff. Due to concerns about the COVID-19 outbreak, we will continue to provide the same high quality of support to our customers as always, but will be reducing our support staff's hours to 9 am - 5 pm EST, Monday through Friday. We thank you for your understanding.


iPhone boot-up source code leaked to GitHub in "biggest leak in history"

Heather Parry

By Heather Parry

08 February 2018

Yesterday, an unknown source posted on GitHub with what experts say is the source code for a vital part of the iPhone operating system.

The code is said to be from iBoot, the secure boot-up portion of iOS, and its release into the wider world means that it could help those with malicious intent to circumnavigate Apple’s security measures, via “jailbreak” software or by exploiting vulnerabilities.

iBoot is the first process that runs when you turn on you iOS device, and its this program that ensures that the device is secure and functioning as it should. The security implications for the release of even part of its source code, then, are obvious.

Apple acted quickly, issuing a DMCA legal takedown request to GitHub, who subsequently removed the code. The DMCA request in this case refers to the fact that the iBoot source code is Apple property, and therefore copyrighted to them. However, even with GitHub’s takedown, the code was already copied, and is now in circulation elsewhere on the web.

iOS internals expert Jonathan Levin told Motherboard:

This is the biggest leak in history. It’s a huge deal.

One of the main potential issues following this leak is that an individual might find a vulnerability in the source code, they could theoretically bypass iBoot’s security check, sneaking non-Apple-approved software onto the device. However, this would not allow a hacker to bypass the device’s cryptography security, meaning the data on the device may still be safe.

Apple have invested a lot in firming up its security in the last few years, resulting in the Apple bug bounty program, which offers $200,000 to individuals who find bugs and vulnerabilities in iOS firmware.

Is Levin overestimating how much of a risk this poses to Apple? Only time will tell.

About Us

SurfEasy is a VPN tool that protects your online privacy and unblocks the internet. Use it on your Mac, PC, iPhone, iPad or Android.

Learn More