Apple Confirms iBoot Source Code Leak As Real, Says It’s Outdated, Security Not Reliant On Secrecy
The news that the iPhone’s iBoot bootloader had been leaked in source code form was described as the “biggest leak in history” by one researcher, but Apple has poured cold water on such a claim, saying that the code leaked is three years old and that even if it was a recent copy, Apple’s security does not rely on secrecy in order to function.
Motherboard reported the leak last night after what appeared to be the source code for iBoot was leaked online.
Apple obviously issued a takedown notice for that code, and while it was accessible by the world for a number of hours, it has now been removed entirely. That, of course, doesn’t mean it will not pop up again and the fact Apple sought to have it taken down at all, along with a subsequent statement, confirms its authenticity. In a statement given to CNET, Apple is playing down the significance of the leak.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections,” Apple said in a statement.
Based on Apple’s claims of the source code’s age, it would appear that it is based on iOS 9-era software, likely rendering it useless with regard to modern versions of the operating system, at least that is what Apple says. Apple’s claims that the security of its devices does not depend on secrecy is an interesting one, and may come as a surprise.
No matter what the security implications are, we cannot imagine a world where Apple was not hunting for a leak during today.