Apple Launches Security Research Device Program to Give Bug Hunters Deeper OS Access to Find Vulnerabilities - MacRumors
Skip to Content

Apple Launches Security Research Device Program to Give Bug Hunters Deeper OS Access to Find Vulnerabilities

by

Apple is today launching a new Apple Security Research Device Program that's designed to provide security researchers with special iPhones that are dedicated to security research with unique code execution and containment policies.

applesecuritydevice
Apple last year said it would be providing security researchers with access to "special" iPhones that would make it easier for them to find security vulnerabilities and weaknesses to make iOS devices more secure, which appears to be the program that's rolling out now.

The iPhones that Apple is providing to security researchers are less locked down than consumer devices and will make it easier to find serious security vulnerabilities.

Apple says the Security Research Device (SRD) offers shell access and can run any tools or entitlements, but other than that, it behaves similarly to a standard iPhone. SRDs are provided to security researchers on a 12-month renewable basis and remain Apple property. Bugs discovered with the SRD must be "promptly" reported to Apple or a relevant third-party.

If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party. If you didn't use the SRD for any aspect of your work with a vulnerability, Apple strongly encourages (and rewards, through the Apple Security Bounty) that you report the vulnerability, but you are not required to do so.

If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others.

Apple is accepting applications for the Security Research Device Program. Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.

Those that participate in the program will have access to extensive documentation and a dedicated forum with Apple engineers, with Apple telling TechCrunch that it wants the program to be a collaboration.

The Security Research Device Program will run alongside the bug bounty program, and hackers can file bug reports with Apple and receive payouts of up to $1 million, with bonuses possible for the worst vulnerabilities.

Popular Stories

Apple Lists 250 Changes Across iOS 27 and More Feature

Apple Shares List of 250 Changes Across iOS 27, macOS Golden Gate, and More

Wednesday June 10, 2026 1:34 pm PDT by
During its WWDC 2026 keynote on Monday, Apple briefly showed a slide with hundreds of new features and enhancements coming across iOS 27, macOS 27 Golden Gate, watchOS 27, tvOS 27, and visionOS 27. All of the software updates are currently available as developer betas, and they are expected to be released to all users in September. We already highlighted some of the key new features from the ...
Read Full Article132 comments
Apple Event Logo

Apple to Release These 15 New Products Later This Year

Friday June 12, 2026 7:45 am PDT by
Apple's annual WWDC developers conference is drawing to a close, but there is still a lot to look forward to in the second half of the year. Apple is expected to release at least 15 more products later this year. Now that the more intelligent and personal version of Siri has finally arrived in beta, a full two years after Apple first previewed it at WWDC 2024, we should begin to see some new ...
Read Full Article37 comments
iCloud iPhone 17 Pro

iPhone Users Who Pay for iCloud Storage Get Two New Perks on iOS 27

Tuesday June 9, 2026 11:29 am PDT by
If you pay for extra iCloud storage on your iPhone, beyond the 5GB included for free, you might receive two more perks on iOS 27 at no additional cost. First, Apple said there will be daily usage limits for some of the new and enhanced Apple Intelligence features on iOS 27, including image generation. However, the company noted that "increased access" is available with "most" iCloud+ storage ...
Read Full Article

Top Rated Comments

Vanilla35 Avatar
Vanilla35
77 months ago


Attachment Image
Score: 12 Votes (Like | Disagree)
A
alphaswift
77 months ago
Every government in the world just joined the Apple Developer Program.
Score: 7 Votes (Like | Disagree)
tehabe Avatar
tehabe
77 months ago
The big issue is, that Apple controls everything in this programme. Apple could decide not to fix an issue and nobody would know because only Apple decides when to release the information. That is btw the reason why Google's Project Zero won't join this programme, it is against their 90 days publication policy.
Score: 3 Votes (Like | Disagree)
SecuritySteve Avatar
SecuritySteve
77 months ago

How is this different than the crash logs we already have in iOS?
There's a huge difference. Right now there's no way to inspect the file system to see if there was a successful breach, and crash logs only contain a stack trace and memory snapshot of application. With this kit you have full access to the device that normally would be protected. This lets you probe more sensitive areas such as Secure Enclave.

It also lets you do more detailed API testing and fuzzing as root on the iPhone, similar to what Google Project Zero's Ian Beer does.
Score: 2 Votes (Like | Disagree)
S
Sasparilla
77 months ago
Nice to see. Just keep making security better on it Apple.
Score: 2 Votes (Like | Disagree)
N
NMBob
77 months ago
Not being able to break in is kind of a security issue. :)
Score: 1 Votes (Like | Disagree)
Read All Comments