Apple has lost a copyright battle against security company Corellium, a company that virtualizes iOS for security research. Apple sought a permanent injunction against Corellium and wanted the company to destroy its software and pay for damages, lost profits, and lawyer fees (via The Post).
The lawsuit is case number 19-81160-CIV-SMITH in the United States District Court in the Southern District of Florida.
Apple vs. Corellium
Founded in 2017, Corellium runs emulation software that lets it run virtual iOS devices. Its customers use it in security research to find bugs and other security issues in iOS. One such customer is Azimuth Security, whose founder told Motherboard that it has never reported a bug to Apple that it found using Corellium.
Apple’s lawsuit also alleged that Corellium infringed on its copyright with its software under the Digital Millennium Copyright Act by circumventing Apple’s security. That particular claim has not been dismissed; instead the judge said: “Weighing all the necessary factors, the Court finds that Corellium has met its burden of establishing fair use. Thus, its use of iOS in connection with the Corellium Product is permissible.“
Apple Security Program
Instead of using virtualization software, Apple wants security researchers to use special iPhones. Apple launched its Security Research Device program in July. Each device will have shell access available to run any tools and entitlements. They remain Apple’s property but can be leased on a 12-month basis.