Earlier this week, a major chunk of Apple’s proprietary iOS source code was leaked on GitHub anonymously. It was related to one of the most significant components of the iOS operating system, the bootloader, on the iPhone.
This caused mass panic in the tech community but the Cupertino giant yesterday put out an official statement and asserted that the leaked iOS code was real and stemmed from iOS 9 (we’re running iOS 11 now), which was launched over three years ago. It also sent a copyright takedown claim to GitHub and we thought the situation was all done and dusted.
Well, the plot thickens. New information has been unearthed by Motherboard, which uncovered the code leak in the first place. The publication has put out a follow-up and claims Apple’s iOS boot source code was leaked by a former employee, i.e an intern.
According to sources connected to this development, the intern took the code from Apple and distributed it to a small group of five individuals from the iOS jailbreaking community. He is also said to have moved out with a variety of internal tools and proprietary software.
This was not an intentional move to sabotage Apple like one may believe at first.
“The person who stole the code didn’t have an axe to grind with Apple. Instead, while working at Apple, they were encouraged to use their access to help their friends in the jailbreaking community with their security research by leaking them internal Apple code. And they did.”
The so-called “biggest leak in history” is just a small piece of what could be leaked and additional source code for iOS could still be floating out there. This has confirmed by sources and there is currently no way to pinpoint the leakster because the code was shared a long time ago and could now be with more individuals.
As for how the code was passed around, the Apple intern sent the internal iOS code to a jailbreaking group who had planned to use it to move past iPhone’s defenses. Then the piece of moved beyond an inner circle and was later found to have been shared on a Discord server. It was also posted on Reddit for a short period of time and has become a menace for Apple. With regards to this, Motherboard adds
“This particular source code began circulating more widely in 2017 with a fourth and fifth source who are familiar with the jailbreaking and iPhone research communities.”
While Apple says there are no security implications of the leak as the code has been updated for the latest iOS release, we may still have more to come in this latest controversy to hit the company. So we’re keeping an eye out till then.