Apple is not happy at all today with some of its critical source code having been posted online for the world to see.
A user has just posted iPhone source code on Github that could very well open up the operating system for hackers and security researchers to better make iPhone jailbreaks. The company launched its bug bounty program in 2016, and flaws in secure boot firmware components were valued at up to $200,000. This component verifies that iOS is loaded correctly every time and if the kernel is signed by Apple.
The iOS device maker maintained that the leaked source code is now largely irrelevant since majority of iPhone and iPad users have already been updated to iOS 10 versions and up. It appears to be the source code for iBoot from iOS 9, so it's outdated, but iOS 11's iBoot probably has many similarities. "It's a huge deal".
As Macrumors points out, modern iOS devices have Secure Enclave processor protection, which hardens device security. A few hours later, Apple issued several DMCA notices and had the repositories removed from GitHub.Читайте также: Meet Team USA's 2018 Winter Olympics Opening Ceremony Flag Bearer Erin Hamlin
Interestingly, the same source code was also published on Reddit four months earlier by a user named apple_internals. It was first revealed by Motherboard and contained code labelled "iBoot", the base instructions for how Apple maintains a trusted environment when starting up an iPhone. Here's hoping Apple is right, because the code was up long enough for it to spread far beyond GitHub.
Apple is famous for keeping its code secret, but this leak might result in some headaches for the Cupertino tech giant. But such a hypothetical vulnerability is unlikely to allow an attacker to bypass the cryptographic security on the iOS device itself, so it may be of less use to individuals trying to bypass a phone owner's password or PIN. These days, modders are more likely to sell the exploit than release it for free to the jailbreak community.При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2018 Copyright.
Автоматизированное извлечение информации сайта запрещено.
Код для вставки в блог
- Flu Season 2018: How to Identify Flu from Colds
- South Africa vs India, 2018: 3rd ODI - Statistical Highlights
- Georgia Tech coach Josh Pastner accused of sexual assault in counter-lawsuit
- USA urges Bangladesh to ensure fair trial for Khaleda Zia
- Spider with a tail discovered in 100m-year-old amber
- Top recruit, Quay Walker, tosses Tennessee hat for Georgia
- Norwegian chefs accidentally order 15000 eggs for Olympic team
- Steve Wynn leaves Wynn Resorts over misconduct allegations
- Southwest Airlines plane skids off taxiway at BWI Airport in Maryland
- Trump orders Pentagon to draw up plans for military parade in Washington