
iBoot source code leak traced back to low-level Apple employee

Last week, the source code for iBoot, a core component of iOS, was leaked to GitHub.

Although the code was older, designed for iOS 9, it was quickly yanked from GitHub following Apple’s issuance of a DMCA takedown notice.

Motherboard, which contacted unnamed sources involved in the leaks and investigated screenshots, text messages, and more, has traced the source of the leak.


As it turns out, the code originally came from a low-level Apple employee who took the code from Apple in 2016 to share with friends in the jailbreaking community. This employee wasn’t unhappy with Apple and didn’t steal the code with malicious intent, but instead was encouraged by friends to obtain the code to benefit the jailbreaking community.

The person responsible for the leak of the iBoot source code also leaked additional code along with the critical component.

“He pulled everything, all sorts of Apple internal tools and whatnot,” a friend of the intern told me. Motherboard saw screenshots of additional source code and file names that were not included in the GitHub leak and were dated from around the time of this first leak.

A friend of the person who leaked the code also offered the following comment:

“I personally never wanted that code to see the light of day. Not out of greed but because of fear of the legal firestorm that would ensue. The Apple internal community is really full of curious kids and teens. I knew one day that if those kids got it they’d be dumb enough to push it to GitHub.”

The code itself circulated widely in 2017 prior to ending up on GitHub last week. Many in the jailbreaking and iPhone research communities attempted to stop sharing, but the major public leak couldn’t be avoided.

Apple has confirmed the authenticity of the code, but stated that it’s been replaced and updated in iOS 11 and is in use only on a small number of devices.

The company offered the following statement:

“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

These layers of protection include the Secure Enclave, which does not rely on source code secrecy alone to keep its users safe. The leak could, however, make it easier for people to locate vulnerabilities to create new jailbreaks.

Stay tuned for additional details as they become available.

Via MacRumors and Motherboard