The source code for iBoot, the secure boot portion of Apple's iOS operating system, was leaked by a low-level intern at the company as a favour to his security researcher friends, according to anonymous sources speaking to Motherboard.
The publication of the iBoot source code earlier this month was a major embarrassment for Apple: While dating back to iOS 9, two versions out of date, the proprietary code details the boot process by which an iOS device verifies that the operating system it is executing is genuine Apple software - meaning that analysis of its intricacies will likely open up vectors for the installation and execution of non-Apple code, potentially even on devices running the latest iOS 11 release.
While Apple confirmed the legitimacy of the leaked code, it did not provide an opinion on exactly how the source code for a critical portion of its most popular operating system went walkabouts - but Motherboard claims to have verified information from sources it is keeping anonymous claiming that it was not an external attack but a well-meaning though misguided low-level intern who was to blame.
According to the site's sources - whose information has been corroborated with text messages and screenshots from when the information was originally leaked as well as with an unnamed third party familiar with the events - the intern originally leaked the code privately to friends in the jailbreak and security research community. These five friends were supposed to keep the source code to themselves, but - as is to be expected - it was eventually disseminated widely until eventually ending up in a public repository on GitHub.
For Apple, the claims bring further unwelcome news: Additional code was stolen and leaked at the same time as the iBoot source code, including 'all sorts of Apple internal tools and whatnot', which were provided to the original circle of friends but have not yet been publicly published - meaning there could be more to come if whoever was responsible for leaking the iBoot code outside the group of six original recipients was as slack with the remainder. On the other hand, the news that Apple's internal systems have not been breached by an outside attacker is to be welcomed - if, of course, the sources' claims ring true.
Apple declined the site's request for comment on the matter.
January 24 2020 | 12:00