Building a slide deck, pitch, or presentation? Here are the big takeaways:
- A recent leak of iOS bootloader source code won’t impact iPhone security, according to Apple.
- Apple security is multi-layered, but users should still update to the latest possible version of iOS to make sure they’re protected.
An anonymous leak of iOS source code to GitHub won’t impact the security of iPhone users, Apple said.
In a statement provided to our sister site CNET, Apple said that the code was three years old, and is only one part of its approach to security. By design, “the security of our products doesn’t depend on the secrecy of our source code,” Apple wrote in the statement.
This is good news for iPhone users, as the leaking of source code typically fuels new vulnerabilities that can be exploited by hackers. However, the original leak was found to be associated with iOS 9, which is a few generations removed from the currently-available iOS 11.
SEE: Information security incident reporting policy (Tech Pro Research)
As noted by Jason Cipriani of our sister site ZDNet, iPhone users who have updated to iOS 10 are probably in the clear. Still, regular updates are a part of good security hygiene and would be advisable regardless.
“There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections,” Apple said in its statement.
The leak first occurred some time ago, when a portion of source code associated with the iOS bootloader was posted in a repository on GitHub. Apple then leveraged the Digital Millennium Copyright Act (DMCA) and filed a notice with GitHub to get the code removed, by proxy admitting that the code was indeed real.
Apple’s iOS source code has been a closely-guarded secret for some time, and many have argued that the company’s closed ecosystem is what contributes the most to its strong security. While Apple has said that the leak is essentially nothing for users to be concerned about, it makes one wonder whether Apple’s ecosystem is as roughly locked down as once thought.