Suddenly crucial pieces of the code destined to power millions of iPhones and iPads were laid bare for all to see making it a doddle to find security weaknesses in Apple’s flagship software.
The Tame Apple Press insists that is all deliberate and the secretive company may have adopted a bold new strategy intended to encourage more people to report bugs in its software. However, the smart money is on the fact that this is a cock-up.
Apple has so far said it would strengthen security and privacy features and yet here it is showing an unencrypted version of the Kernel which controls how programs can use a device’s hardware and enforces security.
The Tame Apple press insists that does not mean that the security of iOS 10 is compromised. Butit makes finding flaws easier and reduces the complexity of reverse engineering considerably.
However on the plus side opening the iOS for anyone to examine could weaken the trade in holes market by making it harder for certain groups to hoard knowledge of vulnerabilities and make the iOS more stable.
However for that to happen it would require such a psychological change in Apple that it is nearly impossible to consider. For a start, Apple would have to admit that there is a flaw and fix it straight away. Apple’s current policy when notified if there is a flaw is to ignore it until enough people complain and then issue a patch a few months later.
Apple does not offer “bug bounty” cash payments to people that disclose flaws they have found in its products, for example. So if you reverse engineer or find a hole in the iOS you would never take it to Apple, you would flog it to the government, or one of those dodgy security outfits which help them.