On the evening of February 7, Motherboard’s Lorenzo Franceschi-Bicchierai reported that code from the secure boot-up portion of Apple’s iOS mobile operating system—referred to as iBoot—had been posted to GitHub in what, according to Motherboard, iOS internals expert Jonathan Levin described to the website as “the biggest leak in history.”
That may be hyperbole—and Levin has since claimed he never said such a thing:
People – I never said it’s “the biggest leak in history”. I’m sure MSFT and EFX would disagree too.. but yeah, this is huge.
— Jonathan Levin (@Morpheus______) February 8, 2018
The leaked code has since been removed by GitHub after Apple sent a Digital Millennium Copyright Act takedown request. But the leak—which has been floating around the Internet for about a year, first being posted on Reddit— may still have implications for Apple mobile device security, specifically as an assist to those trying to create exploit software to “jailbreak” or otherwise bypass Apple’s security hardening of iPhone and iPad devices. A search found several other copies posted on GitHub (for now), including one with instructions and instrumentation for “fuzzing” the code with tools designed to discover weaknesses in the code. However, it’s highly unlikely that any bug discovered would be exploitable by an attacker seeking to break into the phone, because of the way Apple has layered the security of iOS devices.