iOS 9’s iBoot system source code reportedly leaks online

Apple’s iBoot system, which is responsible for ensuring secure boot up of iOS, has purportedly leaked, reports Motherboard. The source code for iBoot system was pushed on GitHub earlier today and is now taken down by Apple under DMCA.

iBoot verifies if the kernel is signed by Apple during the boot up time on your iOS device; very much like “iPhone’s BIOS,” if we put this in Motherboard’s term. The iBoot source code is for iOS 9.x, which is now two generations old, but it is possible that some portions of it are still being used in iOS 11. While the code cannot be compiled due to missing files, it can be used for analysis and finding security vulnerabilities.

Speaking to Motherboard, Jonathan Levin, author of iOS and MacOS X Internals, said “this is the biggest leak in history,” while also verifying the source code as “it aligns with code he reverse engineered himself.” Levin also mentions that gaining access to iBoot makes it easier for finding vulnerabilities that could lead to jailbreaking or compromising the device.

This is the SRC for 9.x. Even though you can’t compile it due to missing files, you can mess with the source code and find vulnerabilities as a security researcher. It also contains the bootrom source code for certain devices…

— Apple External (@Apple_External) February 6, 2018

We don’t know if this leak is really legitimate or who’s behind the leak. Apple hasn’t commented on the leak yet, however, a DMCA takedown notice has already disabled the GitHub repo.