iPhone in a VM: US judges give security research a free pass

Apple has to live with the fact that Correlium offers virtualization software that allows security researchers to use the iPhone operating system iOS in a VM. A US appeals court has now dismissed Apple’s copyright lawsuit. A US court had already ruled against Apple at the end of 2020. The iPhone manufacturer has been taking action against the CORSEC software since 2019 – without success.

Correlium was founded in 2017. The company has developed the virtualization software CORSEC, which can be used to emulate various operating systems, including Android, iOS and Linux. This makes it possible for security researchers to look for vulnerabilities in iOS without having to use Apple hardware. Of course, the VM solution is not a cheap alternative: In the best case, CORSEC is available as a cloud variant that costs between 575 and 6000 US dollars per month. A version of the software that can be used locally can even cost hundreds of thousands of US dollars, depending on the configuration.

The iPhone VM CORSEC in action

The iPhone VM CORSEC in action

This is the interface of the CORSEC software, with which an iPhone can be virtualized.

(Image: Correlius)

In contrast to the Apple hardware, the virtual solution offers a number of advantages: For example, processes in the VM can be stopped and examined more closely, as the court documents show. It is possible to make changes to the kernel and gain access to the file system that Apple actually locks away in iOS. However, various core functions of the iPhone cannot be used, such as making calls, sending text messages, downloading from the App Store, navigation or taking photos. Apple itself has shown interest in taking over the manufacturer of CORSEC – the negotiations, however, ended inconclusively. Apple then took legal action. Security researchers feared negative effects on their work.

Apple’s accusation was that Correlium had violated the iPhone manufacturer’s copyright. However, the court of first instance, supported by the Court of Appeal, found that Correlium had made use of Apple’s software in accordance with the so-called fair use rule. Using it for security purposes is a transformative use of the software because it leads to scientific knowledge. In addition, iOS was classified by the judges as functional operating software – so the copyright is partially not applicable. In addition, Correlium uses the iPhone operating system in a way that does not run counter to Apple’s actual sales goal. Thus, the incentive for Apple to further develop iOS remains strong.

Apple itself did not want to comment on the verdict to the US financial news agency Bloomberg.

More from Mac & i

More from Mac & i

More from Mac & i

More from Mac & i


To home page

Related Posts

Hot News


usefull links

robis robis robis