The iOS 9 iBoot source code published this week is old and shouldn’t pose a threat to people who keep their iPhones and iPads updated, Apple said on Thursday.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” the company told AppleInsider. “There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
Users who keep their device up to date with the latest iOS versions should be well protected against potential vulnerabilities, and judging from Apple’s own metrics a majority of users — 93 percent — are running iOS 10 or above.
Sill, the company has had the code removed from GitHub via a DMCA takedown notice, but not before it spread to other locations online.
iBoot is essential to loading iOS, for instance verifying kernel signing. Hackers could theoretically use source code to uncover vulnerabilities, though it’s not clear how much of iOS 9’s code has carried over to iOS 11, and other security measures are in place —such as the hardware-based Secure Enclave, which stores critical Face ID and Touch ID data.
Apple offers a $200,000 bounty to security researchers who discover holes in iBoot, given the potential damage a successful hack could cause. Even without malicious intent hackers could produce new jailbreaks —something Apple is keen to prevent both for security and to keep people paying at the App Store.