Apple source code for iBoot, the part of iOS that ensures an authenticated boot, or initial loading of the operating system on iPhone or iPad, has been leaked by an anonymous user on GitHub, a popular online platform for software developers.
Apparently, the iOS source code is from iOS 9.3 released in March 2016, reports Motherboard. Although the leak is from iOS 9.3, which is almost two-years-old, some of the code from iOS 9 likely still exists in iOS 11.2.5. However, it is completely not relevant to the current iOS.
Even though one cannot compile the source code due to missing files, it can however be analyzed to find any vulnerabilities, say security researchers. The leak could pave way for jailbreakers and hackers to break more easily into iPhones, explore its vulnerabilities and compromise a device or possibly contribute to a jailbreak.
Jonathan Levin, author of several books on programming for iOS and macOS and the developer behind the LiberiOS and LiberTV jailbreaks said that, “This is the biggest leak in history. It’s a huge deal.” He also pointed out that the leaked code “aligns with the code he reverse engineered himself”.
In a tweet, Levin noted that “The leaked sources of #iboot (along with the arm64 #xnu branch which AAPL just.. released) bring us closer to a truly liberated #iOS booted on generic arm boards and/or emulator! The road is still long, but it got considerably shorter!”
Interestingly, the same source code was also published on Reddit four months earlier by a user named apple_internals. However, back then, the message did not attract attention and was automatically removed due to daily inflow of new user posting requirements.
Although Apple issued a DMCA takedown notice for the code and GitHub has disabled the repository, it’s already out there to exploit. Currently, no exploits have been made, which means that there is nothing to worry. Also, it is important to note that modern iOS devices have protection in the form of the Secure Enclave.
Motherboard consulted security experts who have confirmed that the code appears to be legitimate. However, Apple hasn’t officially commented on the leak yet and thus the final authenticity remains unproven.