Apple plays down security fears over leaked iOS source code
The code had appeared on open source site GitHub.
Apple has played down fears that leaked source code from an old version of its iOS operating system could compromise the security of some products.
The code, known as iBoot, appeared on open source platform GitHub before being removed at Apple’s request, and appeared to be from the company’s iOS 9 software, which was released in 2015.
iOS is the software that powers the iPhone and iPad.
Apple has now confirmed the code was real, but said the incident would not affect the security of its devices as it did not rely on secrecy around code to protect its devices.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” the company said in a statement.
“There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
According to Apple’s own numbers, 93% of users are running iOS 10 or later – software which also may no longer use the code.
Cyber security expert Amit Sethi from Synopsys said the leak was unlikely to have a major impact on users.
“If Apple built iBoot securely, this leak should have little impact,” he said.
“While having access to source code does make it easier to find vulnerabilities, many iOS jailbreaks over the years have proved that it is not necessary.
“In fact, this leak will provide better insight into how secure iOS devices really are. If we don’t see many new exploits, then we’ll have better confidence in iOS security.
“On the other hand, if this does result in more exploits, we’ll end up with more secure devices in the long term as Apple fixes the discovered vulnerabilities.”