Risk Assessments/Management, Data Security, Breach, Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Network Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Story behind how low-level Apple employee leaked iBoot source code

Much like a horror movie in which a close-knit group of friends steal something for a good time only to open Pandora's Box, the story behind how Apple's iBoot source code leaked plays out similar to the plot of

28 Days Later or Rise of the Planet of the Apes.

In 2016, a low level employee working at Apple's Cupertino headquarters was convinced by some of his friends in the jailbreaking community to steal some Apple source code for their own security research, two people who originally received the code told Motherboard under the guise of anonymity.

The group of friends never intended on the source code leaking from the initial bunch but nearly a year after the code was stolen someone inside the group gave it “to someone else who shouldn't have had it,” the sources said. It's unclear who exactly leaked the code outside the initial group of friends, but by fall of 2017 people far removed from the initial group had gained access to the stolen code and began sharing the code on forums.

Despite the wider exposure, the code largely went unnoticed until it was eventually went viral after being posted to GetHub earlier this week.  Apple claimed the leaked code is not a security risk for most if any users but some claim the code could still grant attacker insight into potential vulnerabilities and bugs in a key part of the iPhones ecosystem.  

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.