The code is said to be from iBoot, the secure boot-up portion of iOS, and its release into the wider world means that it could help those with malicious intent to circumnavigate Apple’s security measures, via “jailbreak” software or by exploiting vulnerabilities.
iBoot is the first process that runs when you turn on you iOS device, and its this program that ensures that the device is secure and functioning as it should. The security implications for the release of even part of its source code, then, are obvious.
Apple acted quickly, issuing a DMCA legal takedown request to GitHub, who subsequently removed the code. The DMCA request in this case refers to the fact that the iBoot source code is Apple property, and therefore copyrighted to them. However, even with GitHub’s takedown, the code was already copied, and is now in circulation elsewhere on the web.
iOS internals expert Jonathan Levin told Motherboard:
This is the biggest leak in history. It’s a huge deal.
One of the main potential issues following this leak is that an individual might find a vulnerability in the source code, they could theoretically bypass iBoot’s security check, sneaking non-Apple-approved software onto the device. However, this would not allow a hacker to bypass the device’s cryptography security, meaning the data on the device may still be safe.
Apple have invested a lot in firming up its security in the last few years, resulting in the Apple bug bounty program, which offers $200,000 to individuals who find bugs and vulnerabilities in iOS firmware.
Is Levin overestimating how much of a risk this poses to Apple? Only time will tell.