A couple of days ago, Apple"s iBoot source code got leaked on GitHub. Although it was promptly taken down, many people still managed to upload it to other websites in time. The iBoot software is a core component of iOS, and considered highly sensitive.
Now, a recent report by Motherboard has revealed that code was originally leaked by a former Apple intern. The employee also possesses additional source code that was not included in the original leak; whether that code leaks one day, or has already been leaked and went unnoticed, remains to be seen.
As per the report, the intern who stole the iOS source code originally distributed it to five of his friends who were part of the iOS jailbreaking community. Although it was initially decided that the code would not be circulated outside this small group, it eventually spread beyond their control. At some point, it was shared on a Discord chat group, and then, around four months ago, it popped up on Reddit, going largely unnoticed at the time, perhaps due to the AutoModerator deleting the post. However, the code was published on GitHub a couple of days ago, which is when the leak started getting a lot of coverage.
According to one of the aforementioned friends, the former intern managed to steal "all sorts of Apple"s internal tools". This corroborates with Motherboard"s verification that additional source code and file names that were not part of the GitHub leak were spotted in screenshots of the code.
Two of the people from the original circle of five stated that they never wanted the code to spread due to fear of legal action. However, no one from the group has confirmed leaking the code to any outsiders, and the identities of all five remain anonymous. The former intern declined to give any statement to Motherboard, referring to a non-disclosure agreement he had signed with Apple.
Interestingly, despite an iPhone researcher calling it the ""biggest leak"" in iPhone history, the company itself has stated that the iBoot code leak does not impact the security of current devices. As the source code is from iOS 9, any potential security issues have possibly been fixed in the past couple of years. However, keeping in mind that according to Apple"s statistics, millions of devices still run iOS 9 or below, plenty of iPhone users could potentially face security concerns if any security vulnerabilities in the code are exploited.
Source: Motherboard via The Verge