Jonathan Levin, the author of a series of books on iOS and Mac OSX internals, called the leak "huge", speculating the code is now making rounds in the underground iOS jailbreaking community. It ensures that the code being run is valid and is from Apple only. Some may say it won't make any difference but then Apple wouldn't have taken the trouble to take down the iBoot through a legal notice if it contains nothing that can work against its interest.
Apple keeps code like this firmly under lock and key, in a form of 'security through obscurity', as it is essential to the core functionality of iOS.
The code, known as iBoot, appeared on open source platform GitHub before being removed at Apple's request, and appeared to be from the company's iOS 9 software, which was released in 2015.
Apple has played down the possible negative consequences of the leak, saying that the old source code exposure would not cause any security concern. Bugs in the iOS boot process are the most valuable ones to be covered by the company's bug bounty program, receiving a maximum payout of $200,000. The former employee apparently took "all sorts of Apple internal tools and whatnot", according to one of the individuals who had originally received the code, including additional source code that was apparently not included in the initial leak. Here's hoping they plug the leak before something like the iOS 11 source code makes its way onto the internet.
The code was for the outdated iOS 9, released in September 2015, but it is expected that parts of the code may still be in use underpinning the iPhone's security in later releases. Although Apple hasn't directly commented on the breach's authenticity, its expedited DMCA request strongly implies the source was genuine code.
"But Apple should be anxious because if somebody has got hold of that, what else have they got?" Last year, a Reddit user named Apple_Internals posted the code, but at the time, it failed to gain the same amount of attention. The iPhone maker has also confirmed the code posted at GitHub is real indeed, but it isn't clear yet as to how it got leaked or who is responsible for it either.