Critical iPhone Source Code Leak Could Be A Security Disaster

This article is more than 6 years old.

Late last year, an anonymous Reddit user posted a bunch of code on the popular online community site. No one gave it much consideration at the time because the user hadn't built up any karma points. Now that same code has appeared on GitHub and it appears to be an absolute bombshell.

The code that was posted reportedly belongs to Apple. And while not all of the code that Apple's programmers create would send shockwaves through the security community if it leaked, this particular bit of code has done just that.

Why? Because this code is believed to be iBoot, a critical component of iOS. It's the first code that runs when a device starts up, and it can tap into the very core of every iPhone and iPad in existence. If what's been posted online is indeed the real thing, then it could give hackers an unprecedented opportunity to develop new exploits that target Apple devices.

Jonathan Levin, a highly regarded iOS and macOS developer, told Motherboard "this is the biggest leak in history," adding "it’s a huge deal." Without the code, hackers would have to rely on reverse engineering to discover vulnerabilities in iBoot. With the code laid bare, they can take a much more direct approach. That could have disastrous implications for anyone who uses an iPhone or iPad — a number that sits somewhere around 200 million people in the U.S. alone.

While Apple hasn't directly confirmed or denied whether the code is real, the fact that GitHub removed it following a DMCA takedown request seems to indicate that it's legit.

There may not be a reason for iPhone and iPad users to panic, however. The leaked iBoot code was from iOS 9, which was released back in 2015. Newer versions of the code would have numerous changes and would almost certainly have fewer vulnerabilities that could be exploited (or at least very different ones).

We'll have to wait for the dust to settle to know for sure, and that could take a very long time in this case.