Part of the iOS boot code, called iBoot, was posted on GitHub yesterday for anyone to view—and without Apple’s permission. Apple filed a copyright takedown request and the code was gone Thursday morning, but not before hackers and security researchers were able to get at it, making this the biggest leak Apple has ever faced.
The iBoot code handles the first steps in the iPhone and iPad startup process including verifying the iOS kernel (the operating system’s core) is valid and properly signed. Assuming the kernel passes inspection, iBoot loads it and lets the startu process continue.
The code that found its way to GitHub—an online repository and code management system—was for iOS 9. It’s very likely some of that code is still in iOS 11, which makes the leak a potential treasure trove for hackers, security researchers, and governments hoping to find exploits into iPhone and iPad encrypted data.
Motherboard says no one knows who was behind the code leak. Security researchers told the publication their checks show the code is legit and really is part of iOS 9.
Apple confirmed as much with its take down request. Part of the DMCA requirement for the request was Apple’s assertion that the code is real and belongs to the company, and that it isn’t in the public domain.
This is the second time iOS 9’s iBoot code has been posted online. Someone posted it to the Reddit jailbreak subreddit four months ago, but was largely ignored. Considering this is the second time the code leaked, and it’s been downloaded from GitHub multiple times since yesterday, Apple has a couple big problem on its hands: what vulnerabilities will people find, and how someone could leak the code in the first place.