Apple iBoot Source Code in the Wild

Today’s headline for data leaks that should never happen involves Apple. Apple is a media darling so anything Apple does gets attention. Today’s story involves the iBoot source code for iOS 9 being leaked on GitHub. GitHub is a software development site/tool for collaboration, version control, and general source code management. GitHub is used by everyone using open source software.

The danger of this leak is that iBoot is the first code that runs when you power up your iPhone. It validates the iOS signatures and ensures the device is secured. The code is from iOS9, but assume that much of that code hasn’t changed in the current iOS 11. Two concerns for Apple. Hobbyists can jailbreak phones and load non-Apple approved software on the device. Hackers can use this to load malicious code onto the device.

How could Apple have prevented this?

The source code is no different from a Word file. It’s content in a file. In this case, it’s content that should NEVER be seen outside the company. SecureCircle could automatically protect the source code files and all their derivatives. Only authorized users would be able to access the source code. All access to the source code would be logged. Today’s headlines would never exist.

SecureCircle ensures the security, visibility, and control of unstructured data from internal and external threats.