Apple has gotten caught up in a huge leak which revealed the source code of iOS 9 for anyone to parse through on GitHub. The company has since ordered the post scrubbed from the site via a DMCA takedown notice, but it was likely around long enough for people to make copies of it.
The controversy started when an anonymous person uploaded the iOS 9 iBoot source code in its entirety. iBoot is basically the first program which starts up when an iPhone is turned on, verifying the kernel’s signature and then executing it. Leaving such an essential part of iOS exposed, even if only for a limited period of time, could have allowed hackers to find holes and exploit them.
Apple is downplaying this though, pointing out that the source code is from iOS 9 which was released 3 years ago. It claims it won’t pose a threat to people who update their iPhones and iPads. Over 93% of users are on iOS 10 and above, but that still leaves 7% of them vulnerable.
For those users, Apple says the security of its products doesn’t depend on the secrecy of its source code. The brand asserts that there are many layers of hardware and software protections built into its iPhones and iPads. For instance, there’s the hardware-based Secure Enclave which stores Touch ID and Face ID data.
Still, there’s a chance some of iOS 9’s iBoot code got carried over to iOS 10 and iOS 11. Unlike Android, iOS is not open source. Apple has always maintained a high level of secrecy about its inner workings and this leak has broken off a big chunk of its armor. We’ll have to wait and see whether there are any serious repercussions from it.