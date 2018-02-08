

 


IOS Privacy Security Apple IT Technology

Apple Says the Leaked iPhone Source Code is Outdated (cnet.com) 56

Posted by msmash from the closer-look dept.
Apple has responded to security concerns surrounding leaked iPhone source code, pointing out that any potential vulnerabilities would be outdated. From a report: "Old source code from three years ago appears to have been leaked," Apple said in a statement, "but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections." The iBoot source code for iOS 9, a core part of what keeps your iPhones and iPads secure when they turn on, was leaked on GitHub, Motherboard first reported. The source code leak was considered a major security issue for Apple, as hackers could dig through it and search for any vulnerabilities in iBoot. Apple had used a DMCA notice to get the GitHub page hosting the leaked code taken down, but multiple copies of the code have already spread online.


  • Misinformation (Score:5, Informative)

    by Balial ( 39889 ) on Thursday February 08, 2018 @02:40PM (#56090947) Homepage

    That code may contain ROM source code, which can't be updated. It'd be for older chips, but if it's ROM, it's never out of date.

    • Re:Misinformation (Score:5, Insightful)

      by uCallHimDrJ0NES ( 2546640 ) on Thursday February 08, 2018 @02:43PM (#56090963)

      I agree that this is misinformation, or perhaps disinformation. Apple is trying to avoid a knee-jerk reaction from investors who don't understand what this actually means. I can't really blame them. Tech speculators are superstitious and foolish.

      • >Tech speculators are superstitious and foolish.

        What ever happened to 'due diligence'? I see so much 'investment' that is just blind gambling because the right keyword is included in the company's mission statement. It's insane.

        If you have so much free capital that you're willing to throw it at companies blindly... just give it away to some useful cause.

        • Re: (Score:1)

          by Anonymous Coward

          Due diligence is what investors do. Today's stock market is driven by speculators and traders, neither of which give a rat's patootie about truth, only which way the stock might head in the next very little while. Also remember that many of today's 'traders' are software, DEEP-LEARNING software (hah!), which only looks at market technicals and not at company or product qualities. This software is built by the same quants that brought us the last global financial meltdown.

        • Re: (Score:2)

          by suutar ( 1860506 )

          the majority (possibly the vast majority) of "investing" is just speculation - the company hasn't issued new shares, so you're not really investing in it, you're just buying the theoretical fruits of someone else's investment. Given this, due diligence has kind of fallen by the wayside =/

        • Re: (Score:2)

          by zifn4b ( 1040588 )

          >Tech speculators are superstitious and foolish.

          What ever happened to 'due diligence'?

          I do my due diligence! It's called Magic 8-ball. I use it for all my investment decisions and it's never steered me wrong! My family has used the same one for many generations. All praise Magic 8-ball!

      • Re: (Score:2)

        by zifn4b ( 1040588 )

        Apple is trying to avoid a knee-jerk reaction from investors who don't understand what this actually means

        I think you're thinking of a different company called Unicorn Technology, Inc. where upper management actually understands how to run a technology business and doesn't emotionally react to stuff that sounds like it might be bad without actually understanding what it actually means...

    • Re:Misinformation (Score:5, Informative)

      by Anubis IV ( 1279820 ) on Thursday February 08, 2018 @03:35PM (#56091257)

      That code may contain ROM source code

      It likely doesn't, given that a large part of the ROM code's job is to validate the integrity of iBoot (the part of iOS that leaked). Ars' writeup [arstechnica.com] goes into a tiny bit more detail about what iBoot actually is, but the relevant bit for this conversation is that iBoot is the next step in the chain after ROM in the secure bootup procedure. Of course, being able to review iBoot's code can likely provide some insight into how the ROM's code is designed to function.

    • ROMs ????, not likely. EEPROM or some other tech yes, but ROMs, no way,

    • Re: (Score:3)

      by Aaden42 ( 198257 )
      iBoot is the first code to execute AFTER mask ROM on the device. The source may contain some information about the ROM by virtue of interfacing with it, but if the leak was just iBoot source, it shouldn't contain source for the ROM itself. I doubt there's anything in the leak that isn't patchable in older devices if Apple chose to do so.

  • In other news (Score:5, Funny)

    by viperidaenz ( 2515578 ) on Thursday February 08, 2018 @02:53PM (#56091037)

    The entire source code for Android was leaked online.
    Rumor has it Google was the one to leak it.

    You can find the leaked code at https://source.android.com/ [android.com]

    • Re: (Score:3)

      by dj245 ( 732906 )

      The entire source code for Android was leaked online. Rumor has it Google was the one to leak it.

      You can find the leaked code at https://source.android.com/ [android.com]

      The difference is that Android's source code has been out there and scrutinized by many people and organizations. Apple's has only been scrutinized by Apple until now. Even if significant amounts of the code are outdated, it could give people a better idea of what kind of attacks may be possible. Plus the fact that it is news may spur more attention to iOS exploits, if only out of curiosity.

  • What iBoot needs is many eyes; they make all bugs shallow.

    • Re: (Score:3)

      by dgatwood ( 11270 )

      I am now imagining a pair of Uggs with googly eyes on top and a touchscreen below it showing the nose and mouth, to allow for adaptive facial expressions based on what you step in.

  • Of course it's outdated... Wink Wink. (Score:5, Insightful)

    by bobbied ( 2522392 ) on Thursday February 08, 2018 @03:56PM (#56091395)

    If you are actively maintaining it, it is outdated as soon as some programmer checks something new into whatever you use for source code management, which if you are Apple, likely happens multiple times a day for the development streams. Even a small group of developers doing agile (the right way) will be committing changes multiple times a day... Apple does releases every few months on average, so any code is out of date every quarter or so...

    The question is really how long ago this code was actually in use.... Yesterday? last year? The year before?

    • Even^H^H^H^HEvery a small group of developers doing agile (the right way) will be committing changes multiple times a day.
      FTFY.

  • Apple was the leaker?

  • Three years old? (Score:3)

    by QuietLagoon ( 813062 ) on Thursday February 08, 2018 @04:05PM (#56091457)

    ..."Old source code from three years ago appears to have been leaked," Apple said in a statement...

    This code screenshot has a copyright date of 2016. http://www.theregister.co.uk/2... [theregister.co.uk]

  • Apple claims to support their phones for five years after the last date of manufacture for the product - https://support.apple.com/en-u... [apple.com]

    The iPhone 4S ceased production in February 2016. Official Apple support stopped very shortly thereafter.

  • That said people were holding the phone wrong. That said the slowdown was a "feature" and on and on.

  • So I wonder if there is a possibility that this could be used to chain another bootloader in order to get linux or even android to boot on some older phones?
