Corellium allows customers to create and interact with virtual iOS devices — a software iPhone, for example, running actual iOS firmware, all within the browser. Apple says this is copyright infringement, and is demanding Corellium stops “all uses of” its iOS virtualization products and pays Apple unspecified “damages and lost profits.”
Corellium could allow, for example, a security researcher to quickly fire up a simulated iPhone and hunt for potential bugs. If one is discovered, they can quickly load up prior versions of iOS to see how long this bug has been around. If a bug “bricks” the virtual iOS device and renders it unusable, it’s a matter of just booting up a new one rather than obtaining a whole new phone. Virtualized devices can be paused, giving researchers a detailed look at its precise state at any given moment.
Forbes did a deep dive on the company last year. As they point out, two of the company’s co-founders were some of the earliest members of the iPhone jailbreak scene, giving them an understanding better than nearly anyone else in the world as to how iPhones, iPads, etc. work under the hood.
In its complaint, Apple writes:
The product Corellium offers is a “virtual” version of Apple mobile hardware products, accessible to anyone with a web browser. Specifically, Corellium serves up what it touts as a perfect digital facsimile of a broad range of Apple’s market-leading devices—recreating with fastidious attention to detail not just the way the operating system and applications appear visually to bona fide purchasers, but also the underlying computer code. Corellium does so with no license or permission from Apple.
This news comes just days after Apple announced that it would be launching an “iOS Security Research Device Program,” in which select security researchers would be given access to less-locked-down iOS devices in order to help them find vulnerabilities.