In the past week, unknown parts of the source code of the iOS bootloader iBoot had been put on the Internet. As it turns out, no clever hackers had stolen the data. Instead, an intern had let the code go. Apple had swiftly assured that the source code of iBoot published on Github was not a security risk. The code used for iOS9’s boot-up process would be three years old and out of date.
Likewise, the security of iOS devices does not depend on the secrecy of the software base. Instead, all iPhone and iPad devices would be backed up by “many layers of hardware and software protection.” Nevertheless, the leak allows of course a glimpse of Apple’s code base, can help identify even in current iOS versions possible vulnerabilities or evidence of future Apple products.
Above all, the leak has duped the iPhone group but pretty much. For he had announced only last year preferably before rigid against leaks. As it turned out, no hackers or ex-Apple developers were responsible for the leak, but a former intern of the iPhone group. He had, as reported motherboard, worked in 2016 in Apple’s headquarters. He could easily have copied and smuggled out the source code and “all sorts of internal Apple tools and whatever”. He passed the data on to five friends who were involved in the jailbreaking community. It has been determined that especially the source code of iBoot does not leave the group. Among other things, the friends wanted to prevent so that he falls into the hands of hackers who could use him for attacks on the devices.
However, the source code was ultimately shared more generously than agreed, and went “to someone who should not have it.” This deprived friends of control. Already months before the publication on Github he circulated therefore in different forums, Discord channels and also on Reddit. Apple is said to have been informed for some time about the run-bootloader. However, the data publicized on Github would only represent fragments of the originally stolen source code. Who published them on the platform is still unclear. Meanwhile, Apple has let the leak. It is questionable whether and how the company could now proceed against the former trainee.
