You are here: Home » News-IANS » Defence-Security
Business Standard

Apple knew about iPhone source code leak

IANS  |  San Francisco 

has confirmed that it was aware of a source code leak that could have compromised the iPhone's security system and has asked to remove the code.

An employee told technology website Motherboard that the company knew of the leak before it was posted on but the employee did not mention any time.

has also rubbished that security threat to iPhones.

The leak of the iBoot source code is not a security risk for most users, said, but it is an embarrassment for a company that prides itself in secrecy and aggressively goes after leaks.

"Old source code from three years ago appears to have been leaked, but by design the security of our products doesn't depend on the secrecy of our source code.

"There are many layers of hardware and built into our products, and we always encourage customers to update to the newest to benefit from the latest protections," the company was quoted as saying.

On Wednesday, an unidentified person with a user named "ZioShiba" published the source code on

The iBoot code was for 9 and was two years old but it could help security researchers and the jailbreak community find new bugs and vulnerabilities in a key part of the iPhone's locked-down ecosystem.

When Motherboard probed the source of the post, they found that the leak happened when a low-level employee passed on some of the iPhone's sensitive iBoot source codes -- the part of responsible for ensuring a trusted boot of the -- to a group of friends, who were associated with a jailbreak community.

Jailbreaking is privilege escalation for the process of removing imposed by on

That low-level employee took the code from while working at the company's in 2016. Two people, who originally received that code from the employee told Motherboard.

The five friends of that employee encouraged the worker to leak internal code as they wanted them for their security research.

"He pulled everything, all sorts of and whatnot," a friend of the intern was quoted as saying.

According to the people, they never wanted the code to leave the group ever but eventually, the code was shared widely and the original group lost control of its dissemination.

"We personally never wanted that code to see the light of day. Not out of greed but because of fear of the legal firestorm that would ensue," they said.

"It can be weaponised. There's something to be said for the freedom of information, many view this leak to be good. [But] information isn't free when it inherently violates personal security," the group said.

"We did our best to try to make sure that it got leaked [only after the code] got old," they added.

A year later, some of the original group members, who had the codes delivered to them, posted the screenshots of the leak and boasted about them.

The screenshots were later shared on Reddit. But the post was automatically removed by a moderator bot and on Wednesday, a copy of the original leak was reposted on

It went viral -- first inside the jailbreak community and then within the larger security research community. Within hours, people on were talking about it.

"None of this was ever supposed to leave a handful of people, what's happened is quite disastrous," one of the people who originally received the code said, adding that the original intentions were non malicious.

--IANS

sku/in/vm

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Sat, February 10 2018. 15:44 IST
RECOMMENDED FOR YOU
RECOMMENDED FOR YOU