Apple Security Risks Keep Rising As iPhone Source Code Leaks

Printer-friendly version Email this CRN article

Apple's reputation as a provider of operating systems that are more secure than the alternatives is taking yet another hit, as Apple's iOS source code for the iPhone reportedly has been posted on the web.

The purported iPhone operating system code was posted on code-sharing site GitHub and was reportedly removed after a request from Apple that cited copyright law.

[Related: Apple CEO Tim Cook Is 'Thrilled' With iPhone X Demand, But Mac Sales Streak Is Over]

The move by Apple would seem to confirm the authenticity of the code, according to reports.

The so-called iBoot source code is involved in securely booting up iPhones, and was actually a part of iOS 9 -- although it's likely to still be a part of the current version of iPhone operating system software, iOS 11, reports said.

Apple did not immediately respond to a request for comment.

The exposure of the code raises the risk of hacking and jailbreaking activity related to Apple's iPhone, and lands another blow against the narrative that Apple's software is virtually impervious to security threats.

"This is a significant situation for Apple, who differentiates itself on being a closed, highly secure platform," said Jay Gordon, vice president of sales at Plano, Texas-based Honeywell Enterprise Mobility.

Unlike with Android software and devices, "Apple owns all aspects of the hardware and software on its platform, which gives them an edge in being able to manage threats and vulnerabilities," Gordon said. "This development proves that third-party security software from the likes of MobileIron, AirWatch, SOTI and others remains a needed part of any mobility strategy to thwart jailbreaking and intrusions to the enterprise."

He added, "I am positive that Apple is already working on a solution to ensure this does not occur again."

Other recent Apple security issues included a bug in macOS High Sierra that allowed access simply by typing in the username "root," as well as the so-called "Fruitfly" malware, which could be used for such surveillance activities as taking webcam photos and capturing keystrokes. Mac users saw a 240 percent increase in malware during the first three quarters of 2017, according to cybersecurity vendor Malwarebytes.

In terms of iPhone security, a cyberattack that could involve taking over an iPhone user's camera and microphone if a user clicked a text message link was revealed in August 2016. That same month, Apple revealed a bug bounty program to pay researchers that uncover security vulnerabilities in its products, in an admission by Apple that its products are not immune to security issues.

While the iPhone source code leak presents a risk of hackers taking advantage, the leak raises other questions about Apple as well, said Douglas Grosfield, founder and CEO of Kitchener, Ontario-based Five Nines IT Solutions.

"It speaks to a larger issue: How did it happen?" Grosfield said. "Apple will be scrambling to mitigate any potential risks, and the window of opportunity for malware to take advantage of that is probably pretty small. But on a larger scale, a more important scale, how did the code get leaked out? Basic technologies such as data leakage protection should keep that kind of thing from happening."

Printer-friendly version Email this CRN article