Someone has reportedly posted the alleged source code for the iOS bootloader, iBoot, potentially opening a door to hackers and jailbreakers, which can help identify vulnerabilities in Apple's mobile operating system.
Motherboard reports that the iBoot source code is from iOS 9 and was leaked via GitHub. Even though the code is from an older one version of iOS, parts of it probably remain the same in the current iOS 11.
IBoot is a key part of the iOS bootstrap safe chain, a highly sensitive process that runs when you turn on an iOS device.
The secure boot chain ensures that the lower levels of software in the operating system are not altered and only loads the software digitally signed by Apple.
Because of the sensitivity of the feature, Apple is also offering the highest reward ($200.000) in its iOS bug bounty program to researchers who discover vulnerabilities in firmware startup.
Jonathan Levin, author of many books on developing iOS and OS X, said the source code of iBoot seems to be real, as it seems to fit in the code he was doing reverse-engineering itself.
It is currently unknown who leaked the source code on GitHub but it first surfaced four months ago via a Reddit link posted by a user called 'apple_internals'. The leak was originally hosted by Mega and is no longer available.
Of course, Apple is trying to protect its code and so the GitHub page that contained the iBoot source code was replaced with a DMCA notice by an Apple law firm (Kilpatrick Townsend & Stockton). DMCA announcements have also been implemented in over a dozen iBoot cloned repositories.
