The source code for the iOS bootloader iBoot has been leaked to GitHub, prompting Apple to issue a DMCA takedown notice.
Although the source code is for iOS 9.3 and a couple of years old, it appears to be the real deal and would still cause something of a headache for Apple. Copies of the code have been circulating online despite the takedown notice, and the concern is that it could be used to exploit iOS with malware.
The source of the leak is not yet known, but it has clearly got Apple riled. Although Apple has only just issued a takedown notice, it is thought that the source code was actually made available on Reddit some four months ago. Social media and websites are now packed with links to mirrors to download the code.
Apple is saying nothing about the leak, but the DMCA notice all but confirms that the leak is of legitimate code. If you try to access the GitHub repository in question, you'll be greeted by the following message:
Repository unavailable due to DMCA takedown.
This repository is currently disabled due to a DMCA takedown notice. We have disabled public access to the repository. The notice has been publicly posted.
If you are the repository owner, and you believe that your repository was disabled as a result of mistake or misidentification, you have the right to file a counter notice and have the repository reinstated. Our help articles provide more details on our DMCA takedown policy and how to file a counter notice. If you have any questions about the process or the risks in filing a counter notice, we suggest that you consult with a lawyer.
Those who have looked at the code say it includes "low-level system code written in 32 and 64-bit Arm assembly, drivers, internal documentation, operating system utilities and build tools," and while it is possible that some of the code is still in use, it's unlikely that the leak poses too much of a security threat.