iOS 14 leaks sprung from Apple's supply chain, distributed & sold on social media
A leaked version of iOS 14, likely obtained from within Apple's supply chain in China, has been circulating around iPhone jailbreaking and hacking circles since at least February.
While leaks about upcoming Apple products aren't uncommon, sources in the jailbreaking community say that the iOS 14 build is "the first time ever" that a full early build of unreleased Apple software has surfaced so many months in advance.
Those sources told Motherboard that they think a development iPhone running an early version of the software was obtained from within Apple's supply chain in China. At some point, someone purchased that device for "thousands of dollars" and extracted the internal iOS 14 build, which was dated December 2019.
Independent security researchers also confirmed to Motherboard that an early iOS 14 build was given to security researchers so that they could get an early look at the code to find vulnerabilities. Other venues have found avenues for purchase of the code on social media, with the Chinese Weibo the most common source.
Of course, the leaked build is a very early iteration of Apple's next mobile software update. Because of that, there's a good chance that a lot will change in iOS 14 between February and its release date later in 2020 — and some features won't make the release.
Motherboard also notes that there is a hashtag on Twitter — #AppleInternals — used for trading leaked Apple code, hardware and documents. The current leaked iOS 14 build has shown up on that marketplace, but is also being traded among networks of security researchers and jailbreakers.
Two pseudonymous Twitter users confirmed to the publication that they had access to the leaked code, and one of them added that it was a "literal copy" of a build installed on a device with root access enabled.
At least some security researchers said they were staying away from the build, citing fears of repercussions from Apple. The Cupertino tech giant is notorious for going after leakers. Apple declined to comment on the current leak, however.
Back in 2019, an investigation found that there was a gray market for "dev-fused" iPhones illegally smuggled out of Apple facilities. Once resold, researchers use the development iPhones to probe iOS for security vulnerabilities.
One security researcher, SIXGEN Director of Cyber Product Ryan Duff, told Motherboard that this is "definitely a bad leak."
"This development build leaking is just another example of how Apple's security regarding leaks has deteriorated over time," added Duff.