Skip to main content

iPhone source code leaked online could lead to potential exploits

(Image credit: Image Credit: Relexahotels / Pixabay)

Apple's iPhone (opens in new tab) could soon be a great deal more vulnerable to exploits by hackers after an anonymous user posted part of its highly guarded source code online for anyone to see. 

Though iPhone users are not at immediate risk following the leak, security experts have warned that hackers could develop ways to recreate the code and alter it for their own malicious purposes in the future. 

A part of the source code for iOS (opens in new tab) was published by an anonymous user on the web-based hosting service, GitHub that is primarily used by developers to share code with one another.  The source code that was leaked online comes from the three-year-old iOS 9, though since it pertains the iPhone's boot process, it is likely still included in the latest version of Apple's mobile OS. 

The code itself pertains to the company's iconic smartphone's “iBoot” system which is launched when a user presses the power button on their devices.  Hackers could potentially use this code to install malware or even surveillance tools on a wide range of iPhones since they all theoretically contain this snippet of code. 

Insinia Security's Matthe Carr offered more details on the potential impact of the leak, saying: 

“It's big, but does not directly impact users yet.  But it gives visibility into what the code does so anyone looking to reverse engineer iOS and write exploits can use this to make their job much easier.  There may even be massive parts of code reused so they could try and find bugs in old code and see if it works on new versions.” 

Apple has always been very protective of its source code in order to prevent vulnerabilities, which could be exploited by malicious third-parties, from being discovered.  The company also operates a bug bounty program (opens in new tab) to protect the security of its devices and software by paying security researchers and white hackers when they discover a vulnerability.  For instance on its site, Apple clearly states that an iBoot system disclosure could be worth as much as $200,000 since it is such an integral part of the iPhone's source code. 

Following the leak of the company's source code, Apple has since issued a take-down notice to GitHub to prevent the iBoot source code from being distributed online. 

Image Credit: Relexahotels / Pixabay

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.