Feb 8, 2018 - Technology

Critical iPhone source code leaks


NuPhoto / Getty Images

Source code used by Apple to securely boot iPhones leaked online and was widely distributed until Thursday morning, when Apple used copyright law to get the code taken down. Newer iPhone models have additional security measures that will likely mitigate any security problems.

Why it matters: The source code gives malicious actors an unprecedented look at the internals of one of iPhone's key security features. But even if attackers could use the code to discover vulnerabilities in iOS 9, that does not mean most iPhone users are currently at risk.

How it works: The code, posted to the programming repository GitHub and first spotted by reporters at Motherboard, controls the iBoot function in iOS 9. iBoot checks to make sure the operating system is authentic before booting the phone.

iOS 9 isn't the current iOS, but it also isn't nothing: iOS is currently at version 11, meaning the code is likely out of date. And nearly all phones in the Touch ID era include a "secure enclave" processor — a processor that makes it much more difficult to tamper with the boot process.

Still, for legacy phones or by potentially pairing the leaked code with future vulnerabilities in boot security, it may provide some additional security risk.

Go deeper