Key source code for iOS's iBoot leaked on GitHub

Key source code for iOS's iBoot leaked on GitHub

The source code for the main component of Apple's iBoot system was leaked Wednesday on GitHub, a site widely used by programmers to store their code.

According to a report by the Motherboard, the source of the leak is not clear. Experts have already confirmed the legitimacy of the code, which is for the iOS 9.3.x release, an older version of the system; however, some portions of it are still being used in the latest iOS 11.

The code labeled as "iBoot" is responsible for ensuring a trusted boot of the iOS, verifying the kernel is properly signed by Apple. Apple wanted to keep the code under lock due to its sensitive nature. With the code out in the open, jailbreaking the device and finding vulnerabilities will be easier for those who are interested in finding flaws in the operating system.

Jonathan Levin, an author of several books on iOS and macOS development, told Motherboard that it was "the biggest leak in history," which appeared to be the real iBoot code because it aligns with the code he reverse-engineered himself.

Even though Apple did not openly confirm the code's legitimacy, the company sent a legal notice demanding GitHub take down the code a few hours after it was shared. Apple said that "the 'iBoot' source code is proprietary and it includes Apple's copyright notice. It is not open-source." GitHub took down the code soon after.

"iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image," Levin said. "And now it's wide open in source code form."

Share on Facebook Share on Twitter