Apple Calms Nerves After GitHub Code Leak
Apple has sought to play down fears over the security of its operating system after a portion of iOS source code was leaked on GitHub this week, claiming it’s from several years ago.
News outlets were awash with speculation on the potential implications of the leak, which apparently focused around the iBoot process that runs on a device as it’s booting up.
It was suggested that the code could give hackers invaluable insight, helping them find new vulnerabilities and ways to jailbreak devices.
Although Apple issued a swift DMCA takedown notice to GitHub, confirming that the code in question was its own and not open source, it’s likely to have been replicated elsewhere by now.
As for risk exposure, the vast majority of iOS users are now running newer versions of the operating system, according to official figures.
Apple has also sought to quell any potential concerns with a statement, claiming the code itself was old and that its multi-layered approach to security should mitigate any residual risk:
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
However, the once impenetrable operating system has certainly been found to be fallible in recent years.
In November it released a number of patches including a fix for the infamous KRACK attack which targets the WPA2 protocol, as well as others discovered by researchers on the latest versions of iOS.
A Zscaler report from 2016 claimed that iOS devices are leaking more metadata, PII and location data on average than Android devices.
Source: Information Security Magazine