The code that allows iOS devices to boot up, aptly named iBoot — and that Apple makes sure to keep private — may have leaked online.
A new report from Motherboard claims that the code could be retrieved on GitHub, a hosting service for software developers to publish and share code.
The code seems to belong to an older version of iOS (presumably iOS 9, released in 2015) but parts of it may very well be used in the current iOS 11.
iBoot essentially allows iPhones and other iOS devices to turn on; it's the very first thing that is activated when someone pushes the sleep/wake button.
It loads, verifies that the kernel — the "heart" of the operating system's code — is actually signed by Apple, and then executes the code and takes you to the lock screen.
Motherboard asked Jonathan Levin — chief technology officer of software security firm Technologeeks and author of several books on the theme — what he thinks about the leak.
"This is the biggest leak in history," Levin told Motherboard, confirming that the code — whose source is unknown — may be legit. "It's a huge deal."
Apple did not immediately respond to Business Insider's request for comment.
The access to iBoot's code may have several implications; it could allow researchers to find vulnerabilities in the systems more easily, but it might also open the door to less benevolent hackers willing to exploit the hole.
Ill-intentioned people could potentially find bugs that let them crack or decrypt an iPhone, despite the extra security steps added by the Secure Enclave Processor built into each new iOS device, or even emulate the operating system on non-Apple products.
Levin told Motherboard that, if the code is genuine, it may start circulating widely in the underground iOS jailbreaking community, which in turn might mean that the increasingly less popular jailbreaks may come back soon.
"iBoot is the one component Apple has been holding on to, still encrypting its 64 bit image," Levin said. "And now it’s wide open in source code form."