An anonymous user has uploaded what appears to be the source code of iBoot —the iOS secure bootloader— on GitHub, and all evidence suggests the code is authentic.
A link to the source code became viral last night on Twitter, and drew Apple's attention, prompting the company to send a DMCA takedown request to GitHub to take down the repository.
iOS experts who managed to grab a copy or had a chance to analyze it said the code is from iOS 9.3, released in March 2016.
Oh, Apple. Hah.— Dæl (@dalehay) February 7, 2018
Source code for iBoot (iOS 9.3) has been leaked. Someone's getting fired and/or shot.
Just having a wee ganders through the source myself... pic.twitter.com/5c52K9H5sF
Despite being almost two-years-old, the iBoot code usually receives very few modifications from version to version, and large chunks of the code are most likely still used with modern iBoot versions.
The code's availability would allow both jailbreakers and hackers to analyze its internal structure for possible bugs they could exploit —for jailbreaking devices or installing malware.
Copies of the iBoot source code are now being shared among jailbreaking aficionados via private file sharing sites, such as Mega.nz, and others.
New repositories containing copies of the leaked source code are also popping up on GitHub once every few hours.
Security researchers said the code actually leaked four months ago when a user shared a link on Reddit that was, at the time, automatically removed because of user posting requirements, hence ignored.
I love how this iBoot source leak has been sitting publicly on Reddit for 4 months... wow.— Siguza (@s1guza) February 7, 2018
In spite of Apple receiving numerous requests for comment from news organizations, including us, Apple has been quiet on the incident, not wanting to admit to the code's origin.
Despite the leak, some security experts don't consider this to be an issue, as the iBoot source code has often been reverse-engineered as part of day-to-day bug hunting operations and scientific research. Inaccurate copies have always existed in the past years, and the entire attention the leak is getting might be blown out of proportion.
iBoot source leak isn’t as interesting as everyone is making out. It’s been circulated between people for years, surprised it took this long to leak such an old build honestly.— nullpixel (@nullriver) February 7, 2018