Why You Shouldn’t Worry
It’s always good to hear the origin story, but you shouldn’t be worried about this leak. First, the iBoot code is from iOS 9.3. Although parts of the code might still be in later versions of iOS, modern iOS doesn’t care about whether the code is hidden or not.
Jonathan Levin calling it the “biggest leak in history” is hilariously overblown. As a Redditor pointed out, “Many of the modern iOS security components aren’t based on being hidden, thinks [sic] like memory protection, kernel patch protection, the Secure Enclave. Basically, modern iOS doesn’t care if you know the source code as long as you can’t fake Apple’s private keys (Which nobody can) or find a chain of complex exploits (Which already exist for iOS 9 anyway, so the leak isn’t anything special).”
Besides, according to Apple’s statistics as of January 18, 2018, iOS 11 is installed on 65% of devices, iOS 10 is responsible for 28% and earlier versions make up 7%. Apple is probably more pissed that its intellectual property was stolen, not that it’s a security concern. You can be sure that the company will completely rewrite iBoot for future versions of iOS.
Android source code is always out in the wild but that supposedly isn’t a security risk – why do people think that 3 year old code for a small part of Apple’s iOS being publicised is a risk?
Whether this is a big deal or not is irrelevant. This kid will, and should, face serious charges. Start with grand theft and trafficking in stolen goods and move on from there. Secondly, this kid’s career in the tech industry is over. Nobody will trust him with anything more valuable than a ham sandwich. Sorry but I have no sympathy for someone who shoots themself in the foot when they knew the gun was loaded.
I completely agree. My intention wasn’t to downplay the seriousness of the issue, just to reassure that its highly unlikely to affect iPhone users.
Oh I understand completely. I apologize if this came across as directed toward you.