Much like a horror movie in which a close-knit group of friends steal something for a good time only to open Pandora's Box, the story behind how Apple's iBoot source code leaked plays out similar to the plot of28 Days Later or Rise of the Planet of the Apes.
In 2016, a low level employee working at Apple's Cupertino headquarters was convinced by some of his friends in the jailbreaking community to steal some Apple source code for their own security research, two people who originally received the code told Motherboard under the guise of anonymity.
The group of friends never intended on the source code leaking from the initial bunch but nearly a year after the code was stolen someone inside the group gave it “to someone else who shouldn't have had it,” the sources said. It's unclear who exactly leaked the code outside the initial group of friends, but by fall of 2017 people far removed from the initial group had gained access to the stolen code and began sharing the code on forums.
Despite the wider exposure, the code largely went unnoticed until it was eventually went viral after being posted to GetHub earlier this week. Apple claimed the leaked code is not a security risk for most if any users but some claim the code could still grant attacker insight into potential vulnerabilities and bugs in a key part of the iPhones ecosystem.