Remember a few months ago when an Apple engineer casually posted an internal HomePod build that contain plenty of iPhone X secrets? That was Apple’s most significant leak in history… until this week when someone shared the source code for a key piece of the iPhone’s core software, called iBoot. That’s the code that runs on the iPhone before iOS gets started, and whose secrets Apple has never shared.

It’s unclear how it ended up on Github, but the iBoot source code leak is now being called the “biggest leak in history,” according to security researcher Jonathan Levin’s comments to Motherboard.

Levin, who wrote a series of books on iOS and macOS, says it’s a “huge deal” that the iBoot code got out. “iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image,” Levin said. “And now it’s wide open in source code form.”

The code appears to be real according to his own reverse engineering. Even though the leaked iBoot code is from iOS 9, it may still be relevant to security researchers and hackers looking for holes in Apple’s mobile operating system. Apple has not confirmed the authenticity of the leak.

Any iBoot vulnerabilities discovered could lead to new jailbreaks, and even ways to decrypt the iPhone. The leak could also allow hackers to emulate iOS on non-Apple platforms.

Motherboard explains that vulnerabilities inside previous versions of iBoot allowed hackers to brute-force their way into older iPhone models by circumventing lock screen protection. However, that’s no longer possible on new devices that have a Secure Enclave Processor on board. 
The iBoot leak could bring back tethered jailbreaks too, the kind that require the phone to be connected to a computer when booting.

What’s interesting about the leak is that it was first posted on Reddit about a year ago, but it went largely unnoticed by most people. However, it’s likely that some people noticed the leak and have been working on discovering iOS vulnerabilities for months. On the other hand, Apple has surely made several improvements to its iBoot code since iOS 9, so it’s unclear what might come of this leak.

UPDATE: Apple confirmed the iBoot code leak is genuine, stressing the fact that device security doesn’t depend on source code secrecy.

“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” the company said in a statement. “There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

According to Apple’s latest stats, iOS 11 is installed on 65% of iOS devices, and iOS 10 accounts for 28%, with 7% running earlier versions.

Per Motherboard, Apple filed a copyright takedown request with GitHub, forcing the company to remove the code.

Comments