Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve.
The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS.
The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11.
Apple has traditionally been very reluctant to release code to the public, though it has made certain parts of iOS and MacOS open source in recent years. But it has taken particular care to keep iBoot secure and its code private; bugs in the boot process are the most valuable ones if reported to Apple through its bounty program, which values them at a max payment of $200,000.
“This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, told me in an online chat. “It’s a huge deal.”
Levin said the code appears to be the real iBoot code because it aligns with code he reverse engineered himself. A second security researcher familiar with iOS also said they believe the code is real. We don’t know who is behind the leak. Apple did not respond to a request for comment.