Apple Says the Leaked iPhone Source Code is Outdated (cnet.com) 80
Apple has responded to security concerns surrounding leaked iPhone source code, pointing out that any potential vulnerabilities would be outdated. From a report: "Old source code from three years ago appears to have been leaked," Apple said in a statement, "but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections." The iBoot source code for iOS 9, a core part of what keeps your iPhones and iPads secure when they turn on, was leaked on GitHub, Motherboard first reported. The source code leak was considered a major security issue for Apple, as hackers could dig through it and search for any vulnerabilities in iBoot. Apple had used a DMCA notice to get the Github page hosting the leaked code taken down, but multiple copies of the code have already spread online.
Misinformation (Score:5, Informative)
That code may contain ROM source code, which can't be updated. It'd be for older chips, but if it's ROM, it's never out of date.
Re:Misinformation (Score:5, Insightful)
I agree that this is misinformation, or perhaps disinformation. Apple is trying to avoid a knee-jerk reaction from investors who don't understand what this actually means. I can't really blame them. Tech speculators are superstitious and foolish.
Re: (Score:2)
>Tech speculators are superstitious and foolish.
What ever happened to 'due diligence'? I see so much 'investment' that is just blind gambling because the right keyword is included in the company's mission statement. It's insane.
If you have so much free capital that you're willing to throw it at companies blindly... just give it away to some useful cause.
Re: (Score:1)
Due diligence is what investors do. Today's stock market is drive by speculators and traders, neither of which give a rat's patootie about truth, only which way the stock might head in the next very little while. Also remember that many of today's 'traders' are software, DEEP-LEARNING software (hah!), which only looks at market technicals and not at company or product qualities. This software is built by the same quants that brought us the last global financial meltdown.
Re: (Score:2)
It's always a gamble, yes... but there's a difference between manufactured risk and assumed risk.
Throwing money at companies more or less randomly (say, because they've just used the word 'blockchain' in a press release) is manufactured risk. You're creating an unnecessary risk by being blind to the investment details. You can't know how big the risk is or how big the potential payoff, because you've willfully blinded yourself.
You really should have a reason to invest in a particular company - and you sh
Re: (Score:2)
the majority (possibly the vast majority) of "investing" is just speculation - the company hasn't issued new shares, so you're not really investing in it, you're just buying the theoretical fruits of someone else's investment. Given this, due diligence has kind of fallen by the wayside =/
Re: (Score:2)
>Tech speculators are superstitious and foolish.
What ever happened to 'due diligence'?
I do my due diligence! It's called Magic 8-ball. I use it for all my investment decisions and it's never steered me wrong! My family has used the same one for many generations. All praise Magic 8-ball!
Re: (Score:2)
Apple is trying to avoid a knee-jerk reaction from investors who don't understand what this actually means
I think you're thinking of a different company called Unicorn Technology, Inc. where upper management actually understands how to run a technology business and doesn't emotionally react to stuff that sounds like it might be bad without actually understanding what it actually means...
Re: Misinformation (Score:1)
That can't be true. How else would Apple uphold their practice of breaking things with updates?
Re:Misinformation (Score:5, Informative)
That code may contain ROM source code
It likely doesn't, given that a large part of the ROM code's job is to validate the integrity of iBoot (the part of iOS that leaked). Ars' writeup [arstechnica.com] goes into a tiny bit more detail about what iBoot actually is, but the relevant bit for this conversation is that iBoot is the next step in the chain after ROM in the secure bootup procedure. Of course, being able to review iBoot's code can likely provide some insight into how the ROM's code is designed to function.
Re: (Score:2)
Re:Misinformation (Score:4, Informative)
In other news (Score:5, Funny)
The entire source code for Android was leaked online.
Rumor has it Google was the one to leak it.
You can find the leaked code at https://source.android.com/ [android.com]
Re: (Score:2, Funny)
+1 Wooooosh!
Re:In other news (Score:4, Insightful)
The entire source code for Android was leaked online. Rumor has it Google was the one to leak it.
You can find the leaked code at https://source.android.com/ [android.com]
The difference is that Android's source code has been out there and scrutinized by many people and organizations. Apple's has only been scrutinized by Apple until now. Even if significant amounts of the code are outdated, it could give people a better idea of what kind of attacks may be possible. Plus the fact that it is news may spur more attention to IOS exploits, if only out of curiosity.
A few non-GMS Android devices (Score:2)
Name a single product running AOSP.
Archos 43 Internet Tablet. Kindle Fire. Fire Phone. Every Android device intended for the People's Republic of China market.
Re: (Score:2)
Name a computing device from the past ten years running any operating system that doesn't have any proprietary bits in it. CPUs in even Purism Librem PCs have proprietary microcode.
Or was your point that all computing devices are equally unacceptable because they have at least one line of proprietary code in them?
Treble: Progress toward making AOSP installable (Score:2)
No the point is that you can't just take AOSP, build it and install it on any device.
Google is trying to fix that. Treble in Android 8 [android.com] is an ABI allowing new versions of Android to install on top of the hardware abstraction layer provided by the manufacturer of an Android 8+ device. It'll be more like Windows or some GNU/Linux distributions, where the blobs are their own separate package and have their own test suite (Treble VTS on Android or HCK on Windows).
I can take the ubuntu source, build it and run it on just about any PC
And be without accelerated graphics, audio, WLAN, and suspend until you install blobs. Good luck building Debian or any other GNU/Linu
Re: (Score:2)
If someone chooses to buy hardware that has no free drivers to run it, when alternatives do exist, who's to blame? Should we also blame Apple when a random USB gadget designed for Windows has no drivers for OS X?
Re: (Score:2)
If someone chooses to buy hardware that has no free drivers to run it, when alternatives do exist, who's to blame?
The person who bought it to give as a gift. Or the market, when alternatives do not in fact exist. On that note:
ASUS T100TA
alternatives do exist
I'm curious as to what they are. Which laptop or detachable with a 10 to 11.6 inch display do you recommend for running GNU/Linux without proprietary binary blobs?
Android 8+ device
alternatives do exist
I'm curious as to what they are. Which pocket computer with WLAN and cellular voice and data communication capability do you recommend for use without proprietary binary blobs?
Should we also blame Apple when a random USB gadget designed for Windows has no drivers for OS X?
Not usually, because Apple publishes enough information about
Re: (Score:2)
The FSF has a list of computers they recommend [fsf.org]. There's also a list of hardware which needs no binary blob [h-node.org].
There is none on the market. I wrote "when alternatives exist", I never meant that there were alternatives to all proprietary blobbed hardware, that'd be preposterous, as th
Re: (Score:2)
Which laptop or detachable with a 10 to 11.6 inch display do you recommend
The FSF has a list of computers they recommend
Most are refurbished Lenovo ThinkPad laptops, and zero of those are in the size range I mentioned.
Re: (Score:2)
There will always be exceptions to the general rule and there are outlier cases in the PC world but in the Android world that's the norm. You can always find some niche combination of variables and point to that as an example of the exception to the rule but that doesn't prove anything we don't already know.
Is the category of small laptops itself "some niche combination of variables"? Many if not most 11.6 inch or smaller laptops since the end of 2012 that I'm aware of have been either expensive, a Chromebook (whose firmware nags the user to wipe the hard drive if an OS other than Chrome OS is installed), or some underdocumented detachable.
NOT ALL ReLeAsEd!!! Imagonnabeatyabitch! (Score:1)
Teh G keeps much code secret, only for its use. Not even talking about the modem.
iBoot: One i, one Boot (Score:1)
Re: (Score:3)
I am now imagining a pair of Uggs with googly eyes on top and a touchscreen below it showing the nose and mouth, to allow for adaptive facial expressions based on what you step in.
Re: (Score:3)
I know you were taking a jab at Apple, but the statement and action are consistent. Security is in the design, while vulnerabilities are in the implementation. The security doesn't change if the source is available, but the ability to find and exploit vulnerabilities increases. In other words, vulnerabilities exist whether or not the source is available, but having the source improves a hacker's chances at finding them.
Re: It does or it doesn't? (Score:2)
Of course it's outdated... Wink Wink. (Score:5, Insightful)
If you are actively maintaining it, it is outdated as soon as some programmer checks something new into what ever you use for source code management, which if you are Apple, likely happens multiple times a day for the development streams. Even a small group of developers doing agile (the right way) will be committing changes multiple times a day... Apple does releases every few months on average, so any code is out of date every quarter or so...
The question is really how long ago this code was actually in use.... Yesterday? last year? The year before?
Re: (Score:1)
Even^H^H^H^HEvery a small group of developers doing agile (the right way) will be committing changes multiple times a day.
FTFY.
Re: (Score:2)
You introduced an error. Please revert your attempted fix.
What if (Score:1)
Re: (Score:1)
Three years old? (Score:4, Insightful)
..."Old source code from three years ago appears to have been leaked," Apple said in a statement...
This code screenshot has a copyright date of 2016. http://www.theregister.co.uk/2... [theregister.co.uk]
Much like your lies, Apple (Score:2, Interesting)
Apple claims to support their phones for five years after the last date of manufacture for the product - https://support.apple.com/en-u... [apple.com]
The iPhone 4S ceased production in February 2016. Official Apple support stopped very shortly thereafter.
Ummm, No. (Score:5, Informative)
The 5 year guarantee is for hardware service & customer support. As of today, iPhone 4S is still supported by Apple in that sense (see here: serviced [apple.com]).
There is no guarantee that you'll continue getting software updates for 5 years. The last iPhone 4s-compatible iOS update was iOS 9.3.5, released on August 25, 2016, which is almost 5 years from the initial release of the iPhone 4S (October 4, 2011), and that's pretty typical (>4 years of software updates on the newest model).
Feel free to cite another major smartphone manufacturer that does better in terms of customer & hardware support lifetime and OS updates.
Re: (Score:2)
An AC responds to a series of facts backed up by citations by making a baseless claim based on no evidence while complaining that a product they don’t want isn’t something other than what it claims to be. They then have the gall to suggest the person they’re responding to is the zealot.
Have you tried looking in a mirror recently?
Re: (Score:2)
"The 5 year guarantee is for hardware service"
The software that is required to run the hardware is part of the fucking hardware service. The hardware can NOT run without the software.
But please, try to apologize more for a company that has always lied in its marketing to make a fucking sale.
I think you're confused (Score:2)
2. No major phone manufacturer provides a guarantee of 5 years of software updates, Apple is the clear leader in software update lifetime for phones--and it's not close.
3. The SW on an iPhone 4S continues to work just fine, it's just stuck at iOS 9.3.5 and won't benefit from new features.
4. Nobody is forcing you to buy an iPhon
Re: (Score:2)
"If you have a cite to show otherwise then please post it. "
In my OP above, if you failed to read, the source DIRECT FROM FUCKING APPLES OWN PAGES.
I also used to be an Apple service tech, so I know damned well what their policies are.
This, from the same company: (Score:2)
Re: (Score:2)
Chained Loader (Score:1)
So I wonder if there is a possibility that this could be used to chain another bootloader in order to get linux or even android to boot on some older phones?