The biggest leak in history: Secret iPhone source code leaked online


Security experts are warning iPhone users about what has been dubbed the “biggest leak in history”.

Part of the source code for iOS, Apple’s mobile operating system, has been posted online in a leak that could potentially allow hackers to expose security holes in the iPhone.

Although the leak is not believed to put iPhone users at immediate risk, security experts have warned that hackers could study the code and try to replicate and then manipulate it for malicious purposes.

Users would then be put at risk if hackers tried to carry out attacks in the future.

Earlier this week an anonymous user posted the source code, the data that underpins Apple’s iOS software, on the website GitHub, which is used by computer programmers to share code for websites, apps and software.

The leaked code relates to iOS 9, which is now three years old. However, security experts have warned that much of the code is likely to be the same as in the latest version of iOS.

The leaked code refers to Apple’s iBoot system which begins when an iPhone is turned on.

Hackers could potentially use this to engineer a way to install malware or surveillance tools onto an iPhone.

Speaking to tech site MotherBoard, security researcher Jonathan Levin said: “This is the biggest leak in history.

“It’s a huge deal”, he added.

Apple has confirmed the leak and taken legal steps to have the post containing the code removed from the GitHub website.

“Old source code from three years ago appears to have been leaked,” a spokesperson for Apple told CNET.

“But by design the security of our products doesn’t depend on the secrecy of our source code.”

“There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections,” the spokesperson added.

On Thursday the Cupertino firmed filed a takedown request on grounds the post containing the leaked source code breached copyright. Despite being removed from GitHub, the code has since appeared on numerous other sites.


Comments are closed.