iOS 9 Source Code Posted to GitHub in Unprecedented Leak [u]


Apple source code for iBoot, the part of iOS that ensures a trusted boot of the iPhone’s operating system, has purportedly been leaked to Github, giving hackers a deeper look at the inner workings of the Cupertino company’s closed garden.

According to a report from Motherboard, an anonymous user has uploaded what appears to be the source code of iBoot — the iOS secure bootloader — on GitHub, and all evidence suggests the code is authentic.

“This is the biggest leak in history,” Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, said. “It’s a huge deal.”

A link to the source code became viral last night on Twitter, and drew Apple’s attention, prompting the company to send a DMCA takedown request to GitHub to take down the repository. iOS experts who managed to grab a copy or had a chance to analyze it said the code is from iOS 9.3, released in March 2016.

The code is tied to iOS 9, but some aspects of it are likely still valid in iOS 11, the latest version of Apple’s mobile operating system. For so long, these codes have been well kept under wraps, as Apple has been very hesitant on sharing them openly with the public.

iBoot, in particular, is a highly critical component. In fact, users who find bugs or vulnerabilities in the bootup process can receive as much as $200,000 as part of the company’s bug bounty program, Motherboard reports.

The GitHub repositories containing the leaked iBoot source code have been taken down and replaced with a DMCA notice from one of Apple’s law firms, Kilpatrick Townsend & Stockton, which cites Apple‘s ownership. The DMCA takedowns have also been applied to over a dozen cloned iBoot repositories.

In a section explaining the reasons for the takedown and content type, the law firm says the notice covers “reproduction of Apple’s iBoot source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software. The iBoot source code is proprietary and it includes Apple’s copyright notice. It is not open source.”

While the leak will probably not have any widespread repercussions for the vast majority of Apple device users, it will be of interest to those who want to sift through firmware code looking for unexplored ways to fiddle with iPhones and iPads.

Update Feb. 8: Apple told CNET the following statement:

“Old source code from three years ago appears to have been leaked,” Apple said in a statement, “but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”


  • swotam

    This article should probably mention, as stated in the Motherboard article, that this source code was posted to Reddit several months ago so it’s not a “new” leak, and it’s likely that in the months since it appeared on Reddit that Apple has taken steps to minimize or mitigate any issues that may come as a result.

  • It’s Me

    that Apple has taken steps to minimize or mitigate any issues that may come as a result.

    Unfortunately, the fact that it leaked earlier doesn’t make it any likelier that Apple has taken steps to address any bugs. They bugs are there or they are not. It’s not as though the leak make Apple’s code reviews suddenly better. They only thing it might have done it amp up the urgency.

    If one assume Apple invests significantly in and follows best practices for code reviews and code and security audits and analysis, then the fact that this leaked earlier doesn’t make those practices better. The increased urgency might mean imposing higher standard.

    if the bugs were glaringly obvious and Apple had for some reason previously just ignored them, then those bugs would be more likely to have been addressed months ago, but I assume Apple fixes known bugs as quickly as possible in this particular component.

  • BigCat

    Yes, as you suggest Apple certainly will have taken steps months ago to change it up a little (iBoot code). At the very least.

    Even though there have been some coders who have deciphered parts of this code through reverse engineering. Their work to a degree is an interpretation of the actual code. This leak provided the actual process line by line, no guessing required. Its like losing your playbook to the other team.

  • Updated with Apple’s latest statement on the matter.