Last week Apple iOS source code was leaked; it is now guaranteed to be out there and available to any/all nefarious types. Apple claims it is old code, but code bases don’t just morph into something completely different; changes are usually small and incremental, particularly in core areas of the system. So the downplaying by Apple is not very believable.
This makes Apple look pretty darn sloppy—an intern gets source code, but the FBI gets the finger? Actions speak louder than words, as does inaction. At any rate, my views on encryption are stout: no government backdoors. But if Apple is going to tell the FBI to take a hike, Apple ought to at least make sure interns don’t put source code into the wild.
Hyperbole aside, here is what MacWorld wrote on it in “Apple confirms iOS source code leak, but downplays it as old and outdated”:
Apple is used to fighting leaks about its upcoming products and OS releases, but it’s never had to deal with anything like this before. An anonymous user on the popular code-sharing server GitHub has posted a major component of the iOS source code for all to see, and some experts are fearing it could be “the biggest leak in history.”
As first reported by Motherboard, the leaked code has since been pulled off the site but not before countless people were surely able to get their hands on it. Apple was forced to use the Digital Millennium Copyright Act to get the code taken down, and as UW research scientist Karl Koscher mused on Twitter, the law essentially forces Apple to admit that the code was real or else face perjury charges. In the DMCA takedown letter, Apple's legal team writes that the content in question is a "reproduction of Apple's 'iBoot' source code, which is responsible for ensuring trusted boot operation of Apple's iOS software. The 'iBoot' source code is proprietary and it includes Apple's copyright notice. It is not open-source."
TheVerge.com piles on with hyperbole in "Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'":
Someone just posted what experts say is the source code for a core component of the iPhone’s operating system on GitHub, which could pave the way for hackers and security researchers to find vulnerabilities in iOS and make iPhone jailbreaks easier to achieve. The GitHub code is labeled “iBoot,” which is the part of iOS that is responsible for ensuring a trusted boot of the operating system. In other words, it’s the program that loads iOS, the very first process that runs when you turn on your iPhone. It loads and verifies the kernel is properly signed by Apple and then executes it—it’s like the iPhone’s BIOS. The code says it’s for iOS 9, an older version of the operating system, but portions of it are likely to still be used in iOS 11.
I’m in favor of ALL source code that is security sensitive being made available to researchers, at the least. And Apple should, as a routine matter, pay/hire competent 3rd parties for exhaustive reviews of source code for security issues. Particularly for macOS, where Apple has proven itself at best extremely sloppy and arguably incompetent in recent months.
Making source code available for public review means good things: (1) it shows that no back doors for government are present, and (2) weaknesses are quickly found and can be fixed.