Earlier this week someone posted the source code of one of the essential components of iOS on GitHub. As reported by Motherboard, the leaked source code gave potential hackers and security researchers a way to find and exploit vulnerabilities. It is also reported that the code might have made jailbreaking an iPhone easier. Apple later confirmed that the code is from iOS and is part of an old software version (iOS 9). The leaked code was apparently for a component called ‘iBoot’, which is responsible for starting the system. It ensures that the code being run originates from Apple and, importantly, is valid. In the aftermath, Apple sent a DMCA notice to GitHub, and the link has since been taken down.
While the code was from an older version of iOS, namely iOS 9, TechCrunch reports that part of it is still being used by the latest iOS version, iOS 11. Jonathan Levin, who has written books about macOS and iOS, told Motherboard, “this is the biggest leak in [its] history.” In a statement given to TechCrunch, Apple says, “Old source code from three years ago appears to have been leaked but by design, the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products.”
All that said, there is no need to get paranoid, since Apple uses a multi-layered approach to security on iOS and macOS. As confirmed by security researcher Will Strafach, “Apple does not use security through obscurity, so this does not contain anything risky, just an easier to read format for the boot loader code. It’s all cryptographically signed on end user devices, there is no way to really use any of the contents here maliciously or otherwise.”