A critical piece of the iPhone’s operating system source code was leaked anonymously online on Wednesday, and now a former Apple intern has reportedly taken responsibility for it.
Through friends, the former intern confirmed to Motherboard that they leaked the iOS source code—including portions of code that haven’t been leaked to the public yet—to five members of the iOS jailbreaking community to help them circumvent Apple’s locked down mobile operating system.
“He pulled everything, all sorts of Apple internal tools and whatnot,” a friend of the intern told Motherboard.
The group said it never planned for the code to be shared with anyone else, but it was stolen at some point in 2017. It leaked from the group into a Discord chat group and then was subsequently shared to Reddit last October, where it was quickly removed by a moderation bot. But this week, the source code was uploaded to GitHub, internet’s largest repository of open source code, by a user named “ZioShiba.” It was quickly removed after Apple filed a copyright notice, but by then it had already sent ripples through the cybersecurity community.
The group said it tried its hardest to keep the code underlock. After the code was stolen and leaked on Discord, one of the members said the group burned all the copies it had because the members thought it could be dangerous in the hands of someone with malicious intent.
“It can be weaponized,” they said. “There’s something to be said for the freedom of information, many view this leak to be good. [But] information isn’t free when it inherently violates personal security.”
Specifically, the leak displayed two-year-old code for iBoot—the part of iOS responsible for ensuring a trusted boot of the operating system, which iPhone researcher Jonathan Levin called the “biggest leak” in the history of the iPhone.
Some are worried the code could help iOS security researchers and the jailbreak community find new bugs and vulnerabilities in a key part of the iPhone’s locked-down ecosystem, but Apple remains mostly at ease.
“By design the security of our products doesn’t depend on the secrecy of our source code,” the company said in a statement. “There are many layers of hardware and software protections built into our products.”