Shortly after Apple learned of the leaked source code, the company issued a Digital Millennium Copyright Act (DMCA) takdeown request to Github, requesting its immediate removal. Apple’s DMCA request was published by Github and states that the reason for the request is because “the ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.” Github complied with the request and removed it from the repository of a user named ZioShiba.
Although the leaked code appears to be for an older version of the operating system, iOS 9, it may contain relevant code still used in iOS 11. While Apple does make some portions of its code open source, iBoot has never been included and is closely guarded by the company.
The leak apparently began with a low-level Apple employee, according to a story on Motherboard. The story claims that friends encouraged the employee to share code to help them conduct security research. Motherboard also claims that iBoot was not the only sensitive code shared by the Apple employee; the story says it was provided with screenshots of additional code that was dated around the same time.
According to Motherboard, the Apple employee originally shared the iBoot source code with a group of five friends in 2016. The friends claim to have closely guarded the code, however, the group eventually began sharing the code with a wider group of people and eventually lost track of who had access to the code.
members of the original group that had access to iBoot believe the person who shared it on Github only obtained the code after they lost track of it. They claim that the code posted by ZioShiba was a copy of the code they received.
While ZioShiba was the first to post the iBoot source code on Github, this is not the first time the code has appeared online. Last year, a Reddit user named apple_internals published the same code on Reddit, however it failed to gain the same amount of attention. The code has also been circulating around jailbreaking groups in Discord.
Apple issued a statement assuring users that the leaked code was outdated and there is no need for alarm. “Old source code from three years ago appears to have been leaked but, by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
Since 2013, Apple has included a Secure Enclave chip on iPhones. It effectively creates a separate computer within the iPhone to store both encryption and decryption keys, as well as other sensitive data. Since Secure Enclave uses a physically embedded key to authenticate, it creates a scenario where it’s nearly impossible for hackers to access sensitive information by brute force.
Updated February 9: Clarified reason Apple employee leaked code.
