A key piece of core Apple software called iBoot, which runs when you turn on an iOS device, was shared by anonymous user "Zioshiba" on GitHub.
Security researcher Jonathan Levin described the breach to Motherboard as the “biggest leak in history” and, according to his own reverse engineering, it appears to be authentic.
Levin, who wrote a series of books on iOS and macOS, says it’s a “huge deal” that the iBoot code got out.
He said: “iBoot is the one component Apple has been holding on to, still encrypting its 64-bit image... And now it’s wide open in source code form.”
Even though the leaked iBoot code is from iOS 9, it may still be relevant to security researchers and hackers looking for holes in Apple’s mobile operating system.
Any iBoot vulnerabilities discovered could lead to new jailbreaks, and even ways to decrypt the iPhone.
The leak could also allow hackers to emulate iOS on non-Apple platforms.
Motherboard explains that vulnerabilities inside previous versions of iBoot allowed hackers to brute-force their way into older iPhone models by circumventing lock screen protection.
However, that’s no longer possible on new devices that have a Secure Enclave Processor on board.
The iBoot leak could bring back tethered jailbreaks too, the kind that require the phone to be connected to a computer when booting.
The leak was first posted on Reddit about a year ago, but it went largely unnoticed.
It’s likely that some people noticed the leak and have been working on discovering iOS vulnerabilities for months.
Apple has confirmed the source code is from iOS 9, which was released in 2015.