The iOS code fragment has been made public - what does this mean for iPhone owners?
The part of the Apple's most important product code - iBoot, i.e. the fragment responsible for the process verifying the authenticity of the iOS system - has been made public on the GitHub website.
The leakage of the code can always have serious consequences for the manufacturer of the device. In this case Apple fell victim to the attack - GitHub revealed a significant fragment of the source code of the iPhone, iBoot. It's a boot loader for iOS that runs the system boot procedure.
What can be the consequences? It will help developers better understand system architecture and develop better jailbreak methods. It can also be used to find vulnerabilities in newer versions of iOS (shared code applies to iOS 9). Theoretically, it can allow you to run another system on your Apple device (imagine an Android iPhone?) Or create custom iOS ROMs. And security breaches that can lead to data theft. Maybe it will not happen, but iOS has certainly lost its hermeticity.
Essential code snippet on GitHub
Predictably, Apple reacted quickly and removed the repository from GitHub (here you will find a DMCA claim). Of course, nothing is lost on the Internet - the code is now available and analyzed by various websites that managed to copy it :) The producer also sent a message confirming the authenticity of the code, however, paying attention to the fact that iPhone users should not feel threatened - their iPhones have sufficient security at both the hardware and software level, and the security of products does not depend on the public availability of the code: Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.