"The release of the iBoot code demonstrates that vendors can't take it for granted that source code will always remain hidden", said Andy Kays, CTO of United Kingdom security firm Redscan. Source code for iBoot, one of the key components in iOS that runs iPhones and iPads, was posted on GitHub. The source code could enable jailbreakers and hackers to discover vulnerabilities in iOS and gain new, unauthorized ways to access the system.
Apple's secret source code for a vital part of the iPhone's operating system was leaked on the code-sharing site GitHub on Wednesday, Motherboard reported. You can imagine the damage hackers can do to iPhone users if they find some nice little holes in iBoot thanks to the leak.
Named iBoot, the code is kept private - like every other piece of code developed by Apple.
Following the leak of the company's source code, Apple has since issued a take-down notice to GitHub to prevent the iBoot source code from being distributed online.
Jonathan Levin, an author who penned a book series on iOS and Mac OS X, told Motherboard, "This is the biggest leak in history". The original iBoot file posted to GitHub was released by user ZioShiba, a user who'd made 9 contributions to projects in the last year. Levin also pointed out that the leaked code "aligns with the code he reverse engineered himself". "Reproduction of Apple's "iBoot" source code, which is responsible for ensuring trusted boot operation of Apple's iOS software".
The iBoot dump first appeared a year ago on Reddit, but received little notice from the security community until it hit GitHub. The takedown request said that "The "iBoot" source code is proprietary and it includes Apple's copyright notice". "And now it's wide open in source code form", Levin continued.
However, the outlet also noted that the leak could be used for good, potentially leading to users being able to bypass Apple's secure boot chain to load custom operating files.
It is very likely that the code had been spotted and was circulating in the jailbreaking and hacking community.