The iBoot bootloader code got to the network because of an Apple employee who worked as an intern at the company headquarters. He stole the sources in 2016, but did not plan to publish them. This is reported by Motherboard with reference to the correspondence of the employee and his friends who received the iOS code.
An unnamed trainee first sent out the iOS boot code to five friends who were investigating and hacking the system. The interlocutors of the publication noted that the former employee stole not only the source code iBoot, but also “all the internal tools of Apple and something else.” However, the additional code has not appeared anywhere.
The members of the group also did not want publicity and did not expect that the source code would go to open access. They were afraid of the consequences that Apple can expect from them otherwise.
I was really nervous because of the fact that this [code] could have been published by any of us at any time. Owning the code iBoot, not working in Apple – is unheard of. I would not want him to see the light. Not out of greed, but out of fear of the “fiery storm” of the law it calls out.
However, at some point the group lost control over the dissemination of information: someone handed the source code to someone outside the narrow circle. Then the iOS loader code began to spread more and more widely on jailbreak communities and forums about hacking the iPhone.
But at first the information was not given importance until she got to Reddit, before being in a major Chat Discord. Bot-moderator Reddit soon automatically deleted the record, but the next day it appeared on GitHub. One of the interlocutors noted that the code, which became publicly available, is still only a part of the source code.
On February 8, unidentified people published on GitHub key source codes iOS 9. Soon the repository was blocked for copyright infringement: the system is a closed development of Apple and belongs to the company. Apple reported that the published code is no longer relevant and does not pose a threat to users.