Apple Launches Security Research Device Program to Give Bug Hunters Deeper OS Access to Find Vulnerabilities

Apple is today launching a new Apple Security Research Device Program that's designed to provide security researchers with special iPhones that are dedicated to security research with unique code execution and containment policies.


Apple last year said it would be providing security researchers with access to "special" iPhones that would make it easier for them to find security vulnerabilities and weaknesses to make iOS devices more secure, which appears to be the program that's rolling out now.

The iPhones that Apple is providing to security researchers are less locked down than consumer devices and will make it easier to find serious security vulnerabilities.

Apple says the Security Research Device (SRD) offers shell access and can run any tools or entitlements, but other than that, it behaves similarly to a standard iPhone. SRDs are provided to security researchers on a 12-month renewable basis and remain Apple property. Bugs discovered with the SRD must be "promptly" reported to Apple or a relevant third-party.

If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party. If you didn't use the SRD for any aspect of your work with a vulnerability, Apple strongly encourages (and rewards, through the Apple Security Bounty) that you report the vulnerability, but you are not required to do so.

If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others.

Apple is accepting applications for the Security Research Device Program. Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.

Those that participate in the program will have access to extensive documentation and a dedicated forum with Apple engineers, with Apple telling TechCrunch that it wants the program to be a collaboration.

The Security Research Device Program will run alongside the bug bounty program, and hackers can file bug reports with Apple and receive payouts of up to $1 million, with bonuses possible for the worst vulnerabilities.

Top Rated Comments

(View all)
Avatar
2 weeks ago


Score: 12 Votes (Like | Disagree)
Avatar
2 weeks ago
Every government in the world just joined the Apple Developer Program.
Score: 7 Votes (Like | Disagree)
Avatar
2 weeks ago
The big issue is, that Apple controls everything in this programme. Apple could decide not to fix an issue and nobody would know because only Apple decides when to release the information. That is btw the reason why Google's Project Zero won't join this programme, it is against their 90 days publication policy.
Score: 2 Votes (Like | Disagree)
Avatar
2 weeks ago
Nice to see. Just keep making security better on it Apple.
Score: 2 Votes (Like | Disagree)
Avatar
2 weeks ago


How is this different than the crash logs we already have in iOS?

There's a huge difference. Right now there's no way to inspect the file system to see if there was a successful breach, and crash logs only contain a stack trace and memory snapshot of application. With this kit you have full access to the device that normally would be protected. This lets you probe more sensitive areas such as Secure Enclave.

It also lets you do more detailed API testing and fuzzing as root on the iPhone, similar to what Google Project Zero's Ian Beer does.
Score: 2 Votes (Like | Disagree)
Avatar
2 weeks ago
This is great news!




Every government in the world just joined the Apple Developer Program.


Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.

I think we will be ok.
Score: 1 Votes (Like | Disagree)

Top Stories

Apple Confirms This Year's iPhone 12 Models Will Be a Little Bit Late

Thursday July 30, 2020 2:34 pm PDT by
During today's earnings call covering the third fiscal quarter of 2020 (second calendar quarter) Apple CFO Luca Maestri confirmed that Apple is expecting to release this year's iPhones later than usual. Maestri said that Apple last year started selling iPhones in late September, but this year, Apple projects supply will be "available a few weeks later." Multiple rumors have suggested that ...

Just How Small Will the 5.4-Inch iPhone 12 Screen Be? Try It Out for Yourself

Tuesday July 28, 2020 12:57 pm PDT by
As rumors of the iPhone 12 have continued to build over the past few months, the one model that has the most excitement around it is the smallest 5.4" model. The iPhone 12 is believed to be coming in 5.4", 6.7", and 6.1" sizes. Dummy models have shown how much smaller the 5.4" is compared to the rest of the iPhone lineup. The upcoming 5.4" iPhone falls in-between the size of the original...

Leaker Jon Prosser Claims iPhone 12 and New iPads Will Launch in October

Wednesday July 29, 2020 4:15 pm PDT by
Leaker Jon Prosser, who has a somewhat mixed track record when it comes to predicting Apple's plans, today said that new iPhone 12 models and new iPads will launch in October. Multiple rumors have suggested that some or all of the iPhone 12 models coming this year will see a later than normal launch. Apple typically unveils and releases new iPhones in the month of September, but problems...

Apple Watch Series 6 to Feature Blood Oxygen Monitoring Sensor

Friday July 31, 2020 1:56 am PDT by
The Apple Watch Series 6 will add blood oxygen monitoring to its features list when it's launched later this year, according to a new report from DigiTimes. Apple Watch 6 will feature biosensors that can monitor sleeping conditions, detect blood oxygen and measure pulse rates, heartbeats and atrial fibrillation, and will also incorporate MEMS-based accelerometer and gyroscope, all allowing the ...

Emails Reveal Why Steve Jobs and Phil Schiller Blocked In-App Purchase of Kindle Books

Friday July 31, 2020 6:25 am PDT by
Internal Apple emails, made public by the House Judiciary Committee's antitrust inquiry, have revealed information about why Apple blocked in-app purchases of Kindle books on iOS devices, reports The Verge. Two sets of emails between Steve Jobs, Phil Schiller, Eddy Cue, and various other senior Apple executives, disclose the exact thinking behind how Apple approached Kindle on iOS. The...

Apple Launches New Gift Card for 'Everything Apple'

Friday July 31, 2020 3:45 am PDT by
Apple has introduced a new single gift card in the U.S. for all things Apple. First spotted by iCulture, the card can be used at the App Store and other online services, but you can also use it to buy products and accessories in the Apple Store. Previously, there were two separate Apple gift cards available: iTunes cards, which can be used for App Store, iTunes Store, and iCloud storage...

Apple Reports 3Q 2020 Results: $11.25B Profit on $59.7B Revenue, 4-for-1 Stock Split Announced

Thursday July 30, 2020 1:39 pm PDT by
Apple today announced financial results for the third fiscal quarter of 2020, which corresponds to the second calendar quarter of the year. For the quarter, Apple posted revenue of $59.7 billion and net quarterly profit of $11.25 billion, or $2.58 per diluted share, compared to revenue of $53.8 billion and net quarterly profit of $10.0 billion, or $2.18 per diluted share, in the year-ago...

Battery Likely for Upcoming Apple Watch Series 6 Filed in Certification Listings

Saturday August 1, 2020 5:46 am PDT by
A battery likely for the upcoming Apple Watch Series 6 has been filed at the Korea Testing and Research Institute and discovered by a Twitter user @yabhishekhd. Certification for a 1.17Wh battery with a capacity of 303.8mAh was issued on June 23 by the KTR, a Korean regulatory body that approves and tests new hardware ahead of public sale. The battery seems to be destined for a future...

Some Apple Watch Series 5 Owners Seeing Issues With Inconsistent Battery Levels and Random Shutdowns

Thursday July 30, 2020 12:29 pm PDT by
Some Apple Watch Series 5 owners have been experiencing battery issues with their devices that cause random shutdowns even when the Apple Watch is reporting high battery levels. An inconsistent reading of actual battery level appears to be at fault, as in most cases, the Apple Watch reports near 100 percent battery levels for most of the day before dropping down to close to 50 percent and...

Apple Offered to Halve App Store Fee to Get Amazon Prime Video on iOS and Apple TV

Thursday July 30, 2020 6:27 am PDT by
Apple offered Amazon lower App Store fees to convince it to launch its Prime Video app on the App Store and Apple TV, documents published by the U.S. antitrust subcommittee have revealed. According to email correspondence between Apple's services chief Eddy Cue and Amazon CEO Jeff Bezos, Apple struck a deal to bring Amazon Prime Video into the App Store by agreeing to take a 15% revenue share...