The walls Apple has built around its iPhones are starting to show cracks.
A critical piece of the iPhone’s operating system source code was leaked anonymously online, raising concerns that hackers could take advantage of potential vulnerabilities and make new jailbreaks. First discovered on Wednesday by Motherboard, the code was uploaded to Github and quickly removed after Apple filed a copyright notice.
While the code’s existence was brief, it sent ripples through the cybersecurity community, with one Mac and iOS expert calling it the “biggest leak in history.” That’s because it came from a portion of iOS called iBoot, which powers up an iPhone when you turn it on and verifies the code running in the background comes from Apple. It’s the very first process that runs when iOS starts up. This appears to be the first time a non-Apple engineer has taken a look at the bootup process.
Apple responded to the incident by reassuring that, even if someone got a hold of its source code, they wouldn’t be able to breach to any devices.
“Old source code from three years ago appears to have been leaked, but by design the security of our products doesn’t depend on the secrecy of our source code,” Apple said in a statement. “There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
According to the Motherboard report, the code was for iOS 9, though portions are likely still used in iOS 11.
The data was first posted to Reddit last year, but no one took notice since the original poster didn’t have enough karma built up. It is, therefore, possible that it got into the wrong hands and has been spreading in underground hacking communities. At least one Reddit user claims to have “a lot of backups on hard drives, USBs, and servers.”