iOS iBoot source code was reportedly leaked by former low-level Apple employee who has more code not yet widely leaked

“On Wednesday, an anonymous person published the proprietary source code of a core and fundamental component of the iPhone’s operating system,” Lorenzo Franceschi-Bicchierai reports for Motherboard. “A user named ‘ZioShiba’ posted the closed source code for iBoot — the part of iOS responsible for ensuring a trusted boot of the operating system — to GitHub, the internet’s largest repository of open source code.”

“How does something like this happen?” Franceschi-Bicchierai reports. “A low-level Apple employee with friends in the jailbreaking community took code from Apple while working at the company’s Cupertino headquarters in 2016, according to two people who originally received the code from the employee. Motherboard has corroborated these accounts with text messages and screenshots from the time of the original leak and has also spoken to a third source familiar with the story.”

Motherboard has granted these sources anonymity given the likelihood of Apple going after them for obtaining and distributing proprietary, copyrighted software” Franceschi-Bicchierai reports. “The original Apple employee did not respond to our request for comment and said through his friend that he did not currently want to talk about it because he signed a non-disclosure agreement with Apple.”

“According to these sources, the person who stole the code didn’t have an axe to grind with Apple. Instead, while working at Apple, friends of the employee encouraged the worker to leak internal Apple code. Those friends were in the jailbreaking community and wanted the source code for their security research” Franceschi-Bicchierai reports. “The person took the iBoot source code — and additional code that has yet to be widely leaked — and shared it with a small group of five people.”

Read more in the full article here.

MacDailyNews Take: That “additional code that has yet to be widely leaked” should be concerning to Apple and to users fo the company’s products and services. Now, why exactly does a “low-level” employee even have access to such mission-critical code?

iBoot leak means it’s time to dump those old iPhones and iPads – February 9, 2018
Apple: The leaked iOS source code is outdated – February 8, 2018
Apple took it down via a DMCA, but iOS iBoot code is now in the wild – February 8, 2018
iOS source code leak could be the worst Apple’s ever had to deal with – February 8, 2018
Key iPhone source code gets posted online in ‘biggest leak in history’ – February 8, 2018


  1. Apple is going to find this person, and probably sooner than later. They left tracks all over. Former employee. Worked there in 2016. Fired or left between then and now. Had access to or was in position that allowed them to access that particular data.

    How many former employees are going to fit that criteria?

    Not that many, I’ll wager.

      1. botvirnnik did it.

        he hates tim, and all tim stands for, shame on you bot.

        first you hurt america with that nut trump = liar, then you hurt one of our major companies.

        Old president Bone Spurs you’ll have to thank for the higher interest rates. Bone Spurs is president of the United States, he could order the CIA to get the compromising evidence from the russians, ah, i forgot, he’s not to bright. you know, so he can take his lips off of putin’s butt. hell, you would think old bone spurs would be tired of bending over and staying in such a position.

          1. I thought you already told us that.

            Why would i mention it again, Especially, when bones spurs has problems with teenage girls. Why would I bring up such, when we all know it.

          2. botty, it is about time that you and your fellow far right Trump supporters stop deflecting to Hillary and Obama and Clinton and Carter and begin focusing on the shortcomings of your preferred politicians, which are legion. They are also currently in charge of screwing up this country, so Trump and McConnell and Ryan and Trump’s coterie of loyal, but incompetent appointees deserve your scrutiny and criticism a whole lot more than ex-politicians from other parties.

            While you are at it, kick the hypocrisy habit at the same time. Republicans have elevated hypocrisy to an art form, but it is time to face up to reality – Trump sucks, deficits are going to explode, the working middle-class and poor are getting shafted (again), and the military-industrial complex is getting yet another injection of borrowed capital from the federal government.

            Where is the GOP outrage about deficit spending? Where is the outrage about the growing debt? Why has the party that formerly championed fiscal conservatism and free trade in a global economy suddenly changed vectors to tax cut-and-spend budgets and protectionism?

            You guys love to play up the past glories of the Republican Party. What you apparently fail to realize is the Republican Party has radically changed from even just 30 years ago in the Reagan era. I would take Reagan or George H. W. Bush over the Trumpanzee without a second thought. In fact, there are relatively few people who I would not choose over the current POTUS – he is demonstrably that bad.

  2. It was only a matter of time. IOS is designed for cloud data storage. Any company with cloud services has a big target painted on them. Who knows how many data breaches other companies already have had.

    This is why Apple’s reputation for security is a farce. No matter how solid the software code, personnel can be corrupt. There will always be schmucks like this with inside access. Whether for the hacking challenge, the money, or as part of a criminal ring or spy agency, cyber crime is the new normal.

    I applaud Apple for attempting to secure customers data, but I don’t trust anything that is constantly connected to remote servers, especially those iCloud servers that Apple rents from irs direct enemies. The more Apple fans brag about their security, the more embarrassing these breaches are. I will continue to manage my own data locally, not on anyone’s cloud. Nothing on my iPhone will ever be mission critical, financial, or private. Someone somewhere already has access, or will have access to your stuff if you lose your phone or use iCloud. It’s just a matter of time.

  3. This person very obviously wasn’t low level enough to not have access to that code, so the characterization of such is misleading. But, based on this article, it would appear that Apple knows who this person is especially if they worked in Cupertino. And if you work in that type of capacity, have read your NDA and understand it, how do “friends encouraging you” get you to risk this kinds of consequences? This is a bad person who did a very bad thing, and now they’re scared shitless (as they should be). I hope they find them and prosecute. Very not cool.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.