An unidentified hacker posted the source code for Apple’s operating system on GitHub this week. As Motherboard first reported, the “iBoot” code is used to load Apple’s iOS when users push the sleep/wake button. It turns on the iPhone and then loads the lock screen.
The leaked code is somewhat outdated—it was used on iOS 9, while Apple’s most recent update featured iOS 11. And the company also made sure the code was taken offline within hours.
“The ‘iBoot’ source code is proprietary, and it includes Apple’s copyright notice,” the tech giant said in a legal notice to GitHub. “It is not open-source.”
“Old source code from three years ago appears to have been leaked, but by design, the security of our products doesn’t depend on the secrecy of our source code,” Apple later elaborated in a statement. “There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”
It’s true that having three-year-old source code in the wild isn’t a major security risk.
According to Apple, 93 percent of its customers use iOS 10 or above. Frequently updated devices likely no longer utilize the leaked code.
But this still represents a rare misstep for one of the world’s biggest tech companies.
Apple has been particularly cautious about releasing code to the public: only certain parts of its operating system are open-source, and the company runs a bounty program which pays $200,000 to anyone who finds a bug in its programming.
The code is also still available in some corners of the internet. Hackers in Reddit’s r/jailbreak forum have been sharing versions of iBoot over the last few days in hopes of breaking the code.
Given Apple’s legal troubles of late, the last thing it needs is an intellectual property fight. The company would do well to strengthen the virtual Fort Knox around its code to protect it from hackers.