A portion of iOS’s source code was leaked online yesterday and quickly removed after Apple filed a takedown notice with GitHub, where the code was posted. The leak, which was first reported by Motherboard, was for an iOS process named “iBoot” that starts up the system when you first turn on your iPhone and ensures the code being run is valid and originates from Apple. It was posted to GitHub at this link, which is now down.
The leak could allow hackers to discover iOS vulnerabilities more easily and make creating iPhone jailbreaks simpler, even in the face of Apple’s tightened security measures. Although the code has now been taken down, there are still backups of it circulating on the web, as mentioned by a post on r/jailbreak. Jonathan Levin, who writes books about iOS and macOS system programming, told Motherboard that considering how careful Apple is to safeguard against leaks, he believes “this is the biggest leak in [its] history.”
Lawyers acting on behalf of Apple described the leak as a “reproduction of Apple’s ‘iBoot’ source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software.” The takedown request said that, “The ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.” While the code was for iOS 9, parts of it could still be used in iOS 11.
In addition to the takedown notice, Apple itself confirmed that the leak contained legitimate code, but the company dismissed potential security implications. Apple told TechCrunch in a statement, “Old source code from three years ago appears to have been leaked but by design, the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products.”