This week the bootloader source code for iOS seems to have leaked in its entirety. Apple would appear to have sent a DCMA takedown notice to Github, where the code was leaked, this indicating the code posted was of some large consequence. This is a big deal because it will likely lead to custom software for the latest iPhone devices. This is also a big deal because it could potentially lead to some nefarious parties finding their way in to Apple devices with a bit of reverse engineering – but don’t worry. Apple’s aware of what’s up.
“Old source code from three years ago appears to have been leaked,” said Apple in a statement this morning. “But by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built in to our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
After our original article earlier today, a DCMA notice was sent to GitHub by Kilpatrick, Townsend & Stockton LLP, and was made for Apple by said legal group. The original iBoot file posted to GitHub was released by user ZioShiba, a user who’d made 9 contributions to projects in the last year. The DCMA included the following line: “Content Type: Reproduction of Apple’s ‘iBoot’ source code, which is responsible for ensuring trusted boot operation of Apple’s iOS software. The ‘iBoot’ source code is proprietary and it includes Apple’s copyright notice. It is not open-source.”
This release will not mean that all iPhones will see a downgrade, nor that a jailbreak will be released immediately. This release does not mean that an iPhone will be able to run any other sort of software, and we almost certainly won’t be able to dual-boot operating systems as a result of this. And no, we won’t be linking to the download location(s) of the files beyond those that were on Github. Once a file is on the internet, it’s out in the wild and ripe for reproduction – but we certainly won’t be sharing the download URLs here, of that you can be sure.
The original leaker of this information is unknown, but sources have suggested that the first, or one of the first places this was posted was the post list of Reddit user u/apple_internals – other than GitHub, that is to say. This is the same user who submitted iBoot source codes through Mega 4 months ago. According to Apple External, this is the SRC for 9.3.x. – this is of little consequence to anyone outside the realm of deep-dive Apple history. This isn’t the first time similar codes have been leaked, but it would appear that this is the most comprehensive leak of such files in Apple history.
This release will likely push Apple to release a new version of iOS as soon as possible – or at least a security update in the meantime. Stick around for the notification for new software on your iPad, iPhone, iPod touch, and other devices very soon.