An anonymous user reportedly posted top secret iPhone source code on GitHub in what is being called the “Biggest Leak In History.” The source code was for a core component of iOS called “iBoot,” it’s what’s responsible for ensuring a trusted boot of the operating system. It’s the program that essentially loads iOS, the first process that runs when an iOS device is powered own.
iBoot loads and verifies that the kernel is properly signed by Apple before executing it. So you can imagine that it’s a pretty big deal for the iBoot source code to have been leaked online. The source code could enable jailbreakers and hackers to discover vulnerabilities in iOS and gain new, unauthorized ways to access the system.
The code is reportedly for iOS 9 which is no longer the latest iteration of the mobile operating system but reports suggest that parts of it could still be in use in iOS 11, the latest iteration of iOS.
Jonathan Levin, the author of multiple books on iOS and Mac OSX internals, calls this the “biggest leak in history.” He tells Motherboard that this is a huge deal as it appears to be the real iBoot code because it aligns with the code he has reverse engineered himself. Another security researcher told the scribe that they believe the code to be real as well.
Even Apple might have had to inadvertently confirm the authenticity of this leak when it sent a legal DMCA notice to get GitHub to take down the code. “The “iBoot” source code is proprietary and it includes Apple’s copyright notice. It is not open-source,” with this, Apple indirectly confirmed that the leaked code was real. GitHub took it down shortly after it received the notice.
It’s unclear who is behind this leak because it was posted on GitHub by an anonymous user. Apple hasn’t commented on the matter as yet.