Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Says the Leaked iPhone Source Code is Outdated (cnet.com)

Posted by msmash on from the closer-look dept.

Apple has responded to security concerns surrounding leaked iPhone source code, pointing out that any potential vulnerabilities would be outdated. From a report: "Old source code from three years ago appears to have been leaked," Apple said in a statement, "but by design the security of our products doesn't depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections." The iBoot source code for iOS 9, a core part of what keeps your iPhones and iPads secure when they turn on, was leaked on GitHub, Motherboard first reported. The source code leak was considered a major security issue for Apple, as hackers could dig through it and search for any vulnerabilities in iBoot. Apple had used a DMCA notice to get the Github page hosting the leaked code taken down, but multiple copies of the code have already spread online.

4 of 80 comments (clear)

  1. Misinformation by Balial · · Score: 4, Informative

    That code may contain ROM source code, which can't be updated. It'd be for older chips, but if it's ROM, it's never out of date.

    1. Re:Misinformation by Anubis+IV · · Score: 5, Informative

      That code may contain ROM source code

      It likely doesn't, given that a large part of the ROM code's job is to validate the integrity of iBoot (the part of iOS that leaked). Ars' writeup goes into a tiny bit more detail about what iBoot actually is, but the relevant bit for this conversation is that iBoot is the next step in the chain after ROM in the secure bootup procedure. Of course, being able to review iBoot's code can likely provide some insight into how the ROM's code is designed to function.

    2. Re:Misinformation by Aaden42 · · Score: 3, Informative

      iBoot is the first code to execute AFTER mask ROM on the device. The source may contain some information about the ROM by virtue of interfacing with it, but if the leak was just iBoot source, it shouldn't contain source for the ROM itself. I doubt there's anything in the leak that isn't patchable in order devices if Apple chose to do so.

  2. Ummm, No. by Brannon · · Score: 4, Informative

    "The 4S was discontinued officially on September 9, 2014 following the announcement of the iPhone 6" (the Feb 2016 date was for 'developing markets' which presumably fall under a different policy)

    The 5 year guarantee is for hardware service & customer support. As of today, iPhone 4S is still supported by Apple in that sense (see here: serviced ).

    There is no guarantee that you'll continue getting software updates for 5 years. The last iPhone 4s-compatible iOS update was iOS 9.3.5, released on August 25, 2016, which is almost 5 years from the initial release of the iPhone 4S (October 4, 2011), and that's pretty typical (>4 years of software updates on the newest model).

    Feel free to cite another major smartphone manufacturer that does better in terms of customer & hardware support lifetime and OS updates.