iBoot source code on GitHub

An anonymous user has uploaded what appears to be the source code of iBoot —the iOS secure bootloader— on GitHub, and all evidence suggests the code is authentic.

A link to the source code became viral last night on Twitter, and drew Apple's attention, prompting the company to send a DMCA takedown request to GitHub to take down the repository.

iOS experts who managed to grab a copy or had a chance to analyze it said the code is from iOS 9.3, released in March 2016.

Despite being almost two-years-old, the iBoot code usually receives very few modifications from version to version, and large chunks of the code are most likely still used with modern iBoot versions.

The code's availability would allow both jailbreakers and hackers to analyze its internal structure for possible bugs they could exploit —for jailbreaking devices or installing malware.

Code leaked four months ago

Copies of the iBoot source code are now being shared among jailbreaking aficionados via private file sharing sites, such as Mega.nz, and others.

New repositories containing copies of the leaked source code are also popping up on GitHub once every few hours.

Security researchers said the code actually leaked four months ago when a user shared a link on Reddit that was, at the time, automatically removed because of user posting requirements, hence ignored.

In spite of Apple receiving numerous requests for comment from news organizations, including us, Apple has been quiet on the incident, not wanting to admit to the code's origin.

Despite the leak, some security experts don't consider this to be an issue, as the iBoot source code has often been reverse-engineered as part of day-to-day bug hunting operations and scientific research. Inaccurate copies have always existed in the past years, and the entire attention the leak is getting might be blown out of proportion.

Related Articles:

Apple Releases Security Updates for iOS and iCloud, Fixes Passcode Bypass

iOS 12 Patches Memory Bugs, Safari 12 Fixes Data Leaks

Chrome 69 for iOS Moved Navigation Bar to Bottom of Screen & Users are Unhappy

Apple's Safari Falls For New Address Bar Spoofing Trick

Roaming Mantis Group Testing Coinhive Miner Redirects on iPhones