Earlier this week on Github, A user named “ZioShiba” posted the source code for iBoot, a core component of IOS. The code was old, for a version of iOS 9, but even today, it could help iOS security researchers and the jailbreak community find new bugs and vulnerabilities in a key part of the iPhone’s locked-down ecosystem. As this happened, it was quickly pulled from GitHub after Apple issued a DMCA takedown notice.
Apple released a statement that the leak of the iBoot source code is not a security risk for most—if any—users, well will it be true? How does something like this happen?
“Old source code from three years ago appears to have been leaked, but by design, the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
Motherboard got in touch with unnamed sources who were involved in the leak and investigated screenshots, text messages, and more, to determine just how it happened.
The code originally came from a low-level Apple employee who took the code from Apple in 2016 to share with friends in the jailbreaking community. This employee wasn’t unhappy with Apple and didn’t steal the code with malicious intent, but instead was encouraged by friends to obtain the code to benefit the jailbreaking community. The person took the iBoot source code–and additional code that has yet to be widely leaked–and shared it with a small group of five people.
The original group of five people who were provided with access to the code didn’t intend to share it, but it somehow got out. From one of the original people involved. The code began circulating more widely in 2017 and picked up in popularity late in the year before ending up on GitHub this week. Many in the jailbreaking and iPhone research communities attempted to stop sharing, but the major public leak couldn’t be avoided. According to the unnamed people who spoke to Motherboard, what leaked wasn’t the “Full leak.” “It’s not the original leak-it’s a copy,” said one source.