Apple’s iPhone source code leak has been blamed on a low-level employee at the company, with a new report suggesting there could be more leaks to come. The iBoot source code download which hit GitHub earlier this week has been described as the biggest leak ever but, according to insiders with knowledge of what took place, it came from a relatively humble source.
The code appeared online on Wednesday, and quickly surprised Apple-watchers with just what had been publicly released. iBoot is Apple’s bootloader, one of the earliest processes which launches when you first power up an Apple device. It’s responsible for doing all manner of security checks, as well as choosing which software to load.
Apple countered suggestions that it was a huge security issue, arguing that few people – if indeed any at all – would be affected by iBoot’s leaking. It also highlighted the fact that it was from iOS 9, which is now several versions old. All the same, it hit GitHub with a DMCA request to have the hosted files taken down.
What was unclear until now is just how iBoot got loose. According to Motherboard, it was down to a “low-level Apple employee” who worked at the company in 2016, around the time of iOS 9. That employee was apparently encouraged by friends from the Jailbreaking community to pull source code and internal tools from Apple’s servers.
Initially, the employee only shared the code with a handful of friends. Indeed the intention was never to leak it, multiple people involved insist. Nonetheless, at some point there were just too many shared copies involved, and the group lost control over who would have access.
It wasn’t just iBoot’s code, however. Additional code, yet to be leaked, was also taken, Motherboard reports. It’s unclear at this stage what that might have been.
Apple, for its part, continues to downplay the severity of the current leak. “By design the security of our products doesn’t depend on the secrecy of our source code,” it said in a statement following Wednesday’s distribution on GitHub. “There are many layers of hardware and software protections built into our products.”
Nonetheless there are concerns among some that the code could be “weaponized” by people with nefarious intent. Those involved originally say they did all they could to delay a leak until the chance of that coming true was minimized by virtue of new versions of iOS being released. It’s unclear at this stage whether Apple is working on hunting down the original person responsible, though given the company’s attitude toward secrecy that doesn’t seem an unlikely thing to happen.