iBoot is the iOS code that ensures a secure boot by loading the kernel and checking that it is properly signed by Apple before running the OS. The version that was posted to GitHub, supposedly by a Twitter user named @q3hardcore, was for iOS 9, but much of it likely still exists in the latest version, iOS 11.
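The check described above (verify the next boot stage's signature against a key the current stage already trusts, and refuse to run anything that fails) is the core of any secure boot chain. The following Go program is an added illustration of that pattern and is not iBoot's code or Apple's format: the manifest layout, the Ed25519 key pair and the kernel bytes are all constructed for the example, and a real chain would pin the vendor's public key in ROM rather than generate one at runtime.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a constructed, simplified stand-in for the signed metadata a
// boot stage checks before handing control to the next stage. It is not
// Apple's format. Version is carried to show that a signed manifest covers
// more than the bare digest; this example does not enforce anti-rollback.
type Manifest struct {
	Version    uint32
	KernelHash [sha256.Size]byte
}

// Encode serialises the manifest deterministically so the bytes that are
// signed are exactly the bytes that are later verified.
func (m Manifest) Encode() []byte {
	buf := make([]byte, 4+sha256.Size)
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.KernelHash[:])
	return buf
}

// SignManifest is the vendor side: hash the kernel image, wrap the digest in
// a manifest and sign it with a private key that never leaves the vendor.
func SignManifest(priv ed25519.PrivateKey, version uint32, kernel []byte) (manifestBytes, sig []byte) {
	m := Manifest{Version: version, KernelHash: sha256.Sum256(kernel)}
	manifestBytes = m.Encode()
	sig = ed25519.Sign(priv, manifestBytes)
	return manifestBytes, sig
}

// ErrBootRefused is returned for every failure path so callers cannot
// accidentally treat one kind of rejection as "good enough to boot".
var ErrBootRefused = errors.New("boot refused")

// VerifyKernel is the boot-stage side: only the pinned public key is present,
// and the stage fails closed unless the signature verifies against that key
// AND the image about to run matches the digest the signed manifest vouches for.
func VerifyKernel(trustedPub ed25519.PublicKey, manifestBytes, sig, kernel []byte) error {
	if len(manifestBytes) != 4+sha256.Size {
		return fmt.Errorf("%w: malformed manifest", ErrBootRefused)
	}
	// 1. Signature over the manifest, using the key baked into this stage.
	if !ed25519.Verify(trustedPub, manifestBytes, sig) {
		return fmt.Errorf("%w: manifest signature invalid", ErrBootRefused)
	}
	// 2. The signed digest must match the image actually being loaded; this
	//    closes the gap between "a validly signed manifest exists" and
	//    "this image is the one it describes".
	got := sha256.Sum256(kernel)
	if !bytes.Equal(got[:], manifestBytes[4:]) {
		return fmt.Errorf("%w: kernel digest mismatch", ErrBootRefused)
	}
	return nil
}

func main() {
	// Constructed demo keys and image.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	kernel := []byte("constructed kernel image bytes")
	manifest, sig := SignManifest(priv, 1, kernel)

	fmt.Println("genuine image:", VerifyKernel(pub, manifest, sig, kernel))

	tampered := append([]byte{}, kernel...)
	tampered[0] ^= 0xff
	fmt.Println("tampered image:", VerifyKernel(pub, manifest, sig, tampered))

	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("wrong root key:", VerifyKernel(otherPub, manifest, sig, kernel))
}
```

The two-step structure is the point: a valid signature alone proves only that the vendor signed some manifest, and the digest comparison ties that manifest to the bytes that are actually about to execute. Both checks return the same sentinel error so the caller has a single fail-closed branch.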
Fun thing about the DMCA: it required Apple to state, under penalty of perjury, that the iBoot source code was legit: https://t.co/PKHZqcEe6h
— Karl (@supersat) February 8, 2018
The code can’t be compiled because certain files are missing, but researchers and hackers who know what to look for could probe it for vulnerabilities. “This is the biggest leak in history,” author and security researcher Jonathan Levin told Motherboard. “The leaked sources of iBoot … bring us closer to a truly liberated iOS booted on generic arm boards and/or emulator,” he added on Twitter. Levin and other security researchers believe the code is the real deal.
iPhones used to be relatively easy to jailbreak before Apple introduced the “secure enclave co-processor” with the TouchID of the iPhone 5s. Now, it’s nearly impossible for hackers to even find bugs in iOS code, making iOS exploits relatively rare, unlike in Windows and Android. As such, the iBoot leak is exposing code that hardly anyone has seen before.
The iBoot dump first appeared last year on Reddit, but received little notice from the security community until it hit GitHub. Apple considers iBoot to be such a critical part of iOS that it offers $200,000 for vulnerabilities, the most in its bug bounty program. That means the release of the source code could amount to a gold rush for many researchers.