
Huge Apple Source Code Leak (EDIT: update)

Shreyas1

So yesterday a portion of iPhone source code was leaked:

 

According to The Verge:

Quote

A portion of iOS’s source code was leaked online yesterday and quickly removed after Apple filed a takedown notice with GitHub, where the code was posted. The leak, which was first reported by Motherboard, was for an iOS process named “iBoot” that starts up the system when you first turn on your iPhone and ensures the code being run is valid and originates from Apple. It was posted to GitHub at this link, which is now down.

 

Apple themselves confirmed that this leak had legit code in it.

The source code in question was for iOS 9, but parts of it can be used for iOS 11.

IMO it's a good thing Apple found this quickly, as it could have escalated fast...

 

However:

 

Quote

The leak could allow hackers to discover iOS vulnerabilities more easily and make creating iPhone jailbreaks simpler, even in the face of Apple’s tightened security measures. Although the code has now been taken down, there are still backups of it circulating on the web, as mentioned by a post on r/jailbreak. Jonathan Levin, who writes books about iOS and macOS system programming, told Motherboard that considering how careful Apple is to safeguard against leaks, he believes “this is the biggest leak in [its] history.”

https://www.theverge.com/2018/2/8/16992626/apple-github-dmca-request-ios-iboot-source-code

 

UPDATE:

 

It turns out that an intern leaked the code out to five of his friends who were jailbreaking, and never intended it to become this big.

 

 

 

https://www.theverge.com/2018/2/9/16997266/apple-source-code-leak-intern-internal-tools-jailbreaking-github-ios-9

 

 

 

 

Article with Apple's response: https://techcrunch.com/2018/02/08/apple-addresses-ios-source-code-leak-says-it-appears-to-be-tied-to-three-year-old-software/?ncid=rss

 

 


Aaaaand now everyone with access to that code at Apple gets locked down. Apple takes this kind of thing seriously.

Current LTT F@H Rank: 90    Score: 2,503,680,659    Stats

Yes, I have 9 monitors.

My main PC (Hybrid Windows 10/Arch Linux):

OS: Arch Linux w/ XFCE DE (VFIO-Patched Kernel) as host OS, windows 10 as guest

CPU: Ryzen 9 3900X w/PBO on (6c 12t for host, 6c 12t for guest)

Cooler: Noctua NH-D15

Mobo: Asus X470-F Gaming

RAM: 32GB G-Skill Ripjaws V @ 3200MHz (12GB for host, 20GB for guest)

GPU: Guest: EVGA RTX 3070 FTW3 ULTRA Host: 2x Radeon HD 8470

PSU: EVGA G2 650W

SSDs: Guest: Samsung 850 evo 120 GB, Samsung 860 evo 1TB Host: Samsung 970 evo 500GB NVME

HDD: Guest: WD Caviar Blue 1 TB

Case: Fractal Design Define R5 Black w/ Tempered Glass Side Panel Upgrade

Other: White LED strip to illuminate the interior. Extra fractal intake fan for positive pressure.

 

unRAID server (Plex, Windows 10 VM, NAS, Duplicati, game servers):

OS: unRAID 6.11.2

CPU: Ryzen R7 2700x @ Stock

Cooler: Noctua NH-U9S

Mobo: Asus Prime X470-Pro

RAM: 16GB G-Skill Ripjaws V + 16GB Hyperx Fury Black @ stock

GPU: EVGA GTX 1080 FTW2

PSU: EVGA G3 850W

SSD: Samsung 970 evo NVME 250GB, Samsung 860 evo SATA 1TB 

HDDs: 4x HGST Dekstar NAS 4TB @ 7200RPM (3 data, 1 parity)

Case: Sillverstone GD08B

Other: Added 3x Noctua NF-F12 intake, 2x Noctua NF-A8 exhaust, Inatek 5 port USB 3.0 expansion card with usb 3.0 front panel header

Details: 12GB ram, GTX 1080, USB card passed through to windows 10 VM. VM's OS drive is the SATA SSD. Rest of resources are for Plex, Duplicati, Spaghettidetective, Nextcloud, and game servers.


I have a dilemma with jailbreaking: it's bad for everyone doing it but lets you do things that you would not be able to with a stock firmware version.

 

That being said, if most of the code was for iOS 9 and iOS 11 only has a part of the code being shared, then I bet it will be changed in iOS 11.3 which is slated to be out pretty soon. 

Laptop: 2019 16" MacBook Pro i7, 512GB, 5300M 4GB, 16GB DDR4 | Phone: iPhone 13 Pro Max 128GB | Wearables: Apple Watch SE | Car: 2007 Ford Taurus SE | CPU: R7 5700X | Mobo: ASRock B450M Pro4 | RAM: 32GB 3200 | GPU: ASRock RX 5700 8GB | Case: Apple PowerMac G5 | OS: Win 11 | Storage: 1TB Crucial P3 NVME SSD, 1TB PNY CS900, & 4TB WD Blue HDD | PSU: Be Quiet! Pure Power 11 600W | Display: LG 27GL83A-B 1440p @ 144Hz, Dell S2719DGF 1440p @144Hz | Cooling: Wraith Prism | Keyboard: G610 Orion Cherry MX Brown | Mouse: G305 | Audio: Audio Technica ATH-M50X & Blue Snowball | Server: 2018 Core i3 Mac mini, 128GB SSD, Intel UHD 630, 16GB DDR4 | Storage: OWC Mercury Elite Pro Quad (6TB WD Blue HDD, 12TB Seagate Barracuda, 1TB Crucial SSD, 2TB Seagate Barracuda HDD)

4 minutes ago, Pangea2017 said:

code public equals unsafer world, thanks verge 

To be fair, by the time The Verge had reported on this, Apple had already taken action

 


19 minutes ago, Pangea2017 said:

code public equals unsafer world, thanks verge 

I disagree. Security through obscurity is not real security.

That being said, exposing source code that has not been prepared for public viewing is a bad idea and should never really be done.


3 minutes ago, Jito463 said:

Care to explain why? 

Choice is a construct made for non Apple fearing heathens.

 

Or something.

Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.


lmao ok

took a while,

its a /r/jailbreak thing let me tldr and be more specific 

 

source code for iBoot (software bootloader on iOS) and bootrom for a couple of iPhones (no models, just numbers, you can guess..) has been leaked:

iBoot is for iOS 9.x I'm pretty sure

:)

if anything happens.. A4, long live limera1n

39 minutes ago, DrMacintosh said:

I have a dilemma with jailbreaking: it's bad for everyone doing it but lets you do things that you would not be able to with a stock firmware version.

 

That being said, if most of the code was for iOS 9 and iOS 11 only has a part of the code being shared, then I bet it will be changed in iOS 11.3 which is slated to be out pretty soon. 

it's great for security of iOS, if it's new exploits being discovered BEFORE Apple patches (last time.. 9.0.2/9.3.3.. iirc)

if not and it's using existing problems that have been patched in the latest update.. it's not harming anyone.

at this point nobody should be using my beloved iOS 9, and its glorious smoothness on 6s+.


 

 

Ryzen 5 3600 stock | 2x16GB C13 3200MHz (AFR) | GTX 760 (Sold the VII)| ASUS Prime X570-P | 6TB WD Gold (128MB Cache, 2017)

Samsung 850 EVO 240 GB 

138 is a good number.

 


35 minutes ago, DrMacintosh said:

I have a dilemma with jailbreaking: it's bad for everyone doing it

 

 

If people want to do it how is it bad?  It's got no repercussion on anyone else.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


1 hour ago, sazrocks said:

I disagree. Security through obscurity is not real security.

That being said, exposing source code that has not been prepared for public viewing is a bad idea and should never really be done.

It didn't need to be prepared, it was probably uploaded for public viewing

 


2 hours ago, Pangea2017 said:

code public equals unsafer world, thanks verge 

This implies that Apple's code is insecure but just hidden from everyone.

 

For all we know that code could be fine and having it out there makes no change. 

                     ¸„»°'´¸„»°'´ Vorticalbox `'°«„¸`'°«„¸
`'°«„¸¸„»°'´¸„»°'´`'°«„¸Scientia Potentia est  ¸„»°'´`'°«„¸`'°«„¸¸„»°'´


1 hour ago, Shreyas1 said:

It didn't need to be prepared, it was probably uploaded for public viewing

I think you are misunderstanding me. I meant that Apple obviously did not intend to release this source code to the public and as such it is possible that it contains comments or keys that could compromise the security of the system.


Thank goodness that was quickly locked down. Don't want iOS to end up like some open-source garbage we know. Crisis averted!


53 minutes ago, RorzNZ said:

Thank goodness that was quickly locked down. Don't want iOS to end up like some open-source garbage we know. Crisis averted!

I can't tell if this is sarcasm or not.

 

Having the source code revealed to the public can only be beneficial for consumers in the long run. In the short term it might introduce some security hole if Apple's code isn't good, but that would force Apple to make their product better in future versions.


1 hour ago, vorticalbox said:

This implies that Apple's code is insecure but just hidden from everyone.

 

For all we know that code could be fine and having it out there makes no change. 

I don't think it implies that at all. There are way too many conditions to account for them all, but the basic principle is that without access to the code, finding security holes is harder. Whereas with open source the condition is that with the code being open from the beginning (that's the important bit), any security hole can be found significantly quicker due to a larger spread of programmers.


4 hours ago, LAwLz said:

I can't tell if this is sarcasm or not.

 

Having the source code revealed to the public can only be beneficial for consumers in the long run. In the short term it might introduce some security hole if Apple's code isn't good, but that would force Apple to make their product better in future versions.

It's not sarcasm. Apple is the most secure company software-wise and this is why. Apple keeps everything locked down and finely tuned to the user. It's much better that way.


10 minutes ago, RorzNZ said:

It's not sarcasm. Apple is the most secure company software-wise and this is why. Apple keeps everything locked down and finely tuned to the user. It's much better that way.

hahahaha get out

7800x3d - RTX 4090 FE - 64GB-6000C30 - 2x2TB 990 Pro - 4K 144HZ

PCPP: https://uk.pcpartpicker.com/list/mdRcqR

 


2 minutes ago, iiNNeX said:

hahahaha get out

Sorry if I prefer a device with seamless cloud integration and top of the line security. I've never seen an Android device as secure as an iPhone. What I want my phone to do is send and receive calls and direct them to any device I have, have a cloud messaging app, have a video calling app and the usual social media. The iPhone does that perfectly and more securely than any other phone thanks to its locked-down approach. Not to mention smoothly and very fast.

I really don't know why security isn't prominent on Android devices. It would make sense for something that holds your credit card information, e-mails and contacts to be more secure. Having it being open-source isn't a great start.
 


1 minute ago, RorzNZ said:

Sorry if I prefer a device with seamless cloud integration and top of the line security. I've never seen an Android device as secure as an iPhone. What I want my phone to do is send and receive calls and direct them to any device I have, have a cloud messaging app, have a video calling app and the usual social media. The iPhone does that perfectly and more securely than any other phone thanks to its locked-down approach. Not to mention smoothly and very fast.

I really don't know why security isn't prominent on Android devices. It would make sense for something that holds your credit card information, e-mails and contacts to be more secure. Having it being open-source isn't a great start.
 

I have a MacBook Air, MacBook Pro (2017) and an iPhone X. I am not a hater by any means but damn that was some over the top statement there mate. Also your profile is a bit too one sided for me to take you seriously :P


1 minute ago, iiNNeX said:

I have a MacBook Air, MacBook Pro (2017) and an iPhone X. I am not a hater by any means but damn that was some over the top statement there mate. Also your profile is a bit too one sided for me to take you seriously :P

Not really.


9 hours ago, DrMacintosh said:

I have a dilemma with jailbreaking: it's bad for everyone doing it but lets you do things that you would not be able to with a stock firmware version.

 

That being said, if most of the code was for iOS 9 and iOS 11 only has a part of the code being shared, then I bet it will be changed in iOS 11.3 which is slated to be out pretty soon. 

Is jailbreaking really bad? I don't mean to start a side-discussion, but that sounds like a misconception to me. Perhaps I'm reading this in the incorrect light. I used to jb all the time...


9 hours ago, Pangea2017 said:

code public equals unsafer world, thanks verge 

 

Edit: not my opinion, it is in the quote of The Verge that iOS was safer without this code being public

Give consideration to how what you quote may be misconstrued.

 

16 minutes ago, RorzNZ said:

Sorry if I prefer a device with seamless cloud integration and top of the line security. I've never seen an Android device as secure as an iPhone. What I want my phone to do is send and receive calls and direct them to any device I have, have a cloud messaging app, have a video calling app and the usual social media. The iPhone does that perfectly and more securely than any other phone thanks to its locked-down approach. Not to mention smoothly and very fast.

I really don't know why security isn't prominent on Android devices. It would make sense for something that holds your credit card information, e-mails and contacts to be more secure. Having it being open-source isn't a great start.
 

Samsung Knox is likely more secure than an iPhone, as it runs stricter rules on what can be installed. Blackberry's enterprise phones running their modified Android also would likely be more secure.

But both OSX and iOS are based off of Apple's OPEN SOURCE Darwin, with proprietary services and packages running on top.


15 minutes ago, TopHatProductions115 said:

Is jailbreaking really bad? I don't mean to start a side-discussion, but that sounds like a misconception to me. Perhaps I'm reading this in the incorrect light. I used to jb all the time...

Jailbreaking is the only way to unlock an Apple device's true potential imo, it's not bad at all. However, it can be used with malicious intent as it compromises on some security aspects.


46 minutes ago, RorzNZ said:

Sorry if I prefer a device with seamless cloud integration and top of the line security. I've never seen an Android device as secure as an iPhone. What I want my phone to do is send and receive calls and direct them to any device I have, have a cloud messaging app, have a video calling app and the usual social media. The iPhone does that perfectly and more securely than any other phone thanks to its locked-down approach. Not to mention smoothly and very fast.

I really don't know why security isn't prominent on Android devices. It would make sense for something that holds your credit card information, e-mails and contacts to be more secure. Having it being open-source isn't a great start.
 

A very many servers out in the wild, you know, the ones that hold many people's credit card data. They all run on open source software too, namely some variant of Linux.

My eyes see the past…

My camera lens sees the present…


48 minutes ago, RorzNZ said:

Sorry if I prefer a device with seamless cloud integration and top of the line security. I've never seen an Android device as secure as an iPhone. What I want my phone to do is send and receive calls and direct them to any device I have, have a cloud messaging app, have a video calling app and the usual social media. The iPhone does that perfectly and more securely than any other phone thanks to its locked-down approach. Not to mention smoothly and very fast.

I really don't know why security isn't prominent on Android devices. It would make sense for something that holds your credit card information, e-mails and contacts to be more secure. Having it being open-source isn't a great start.
 

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety" Benjamin Franklin. You give up your freedom for safety but in the end you still aren't safe. No platform is completely safe and that is just how it works so it seems silly to me to choose safety of freedom. That is why I like Android. They give you the freedom to do what you want and don't limit you like Apple does.
