Apple Launches Security Research Device Program to Give Bug Hunters Deeper OS Access to Find Vulnerabilities

Apple is today launching a new Apple Security Research Device Program that's designed to provide security researchers with special iPhones that are dedicated to security research with unique code execution and containment policies.

applesecuritydevice
Apple last year said it would be providing security researchers with access to "special" iPhones that would make it easier for them to find security vulnerabilities and weaknesses to make iOS devices more secure, which appears to be the program that's rolling out now.

The iPhones that Apple is providing to security researchers are less locked down than consumer devices and will make it easier to find serious security vulnerabilities.

Apple says the Security Research Device (SRD) offers shell access and can run any tools or entitlements, but other than that, it behaves similarly to a standard iPhone. SRDs are provided to security researchers on a 12-month renewable basis and remain Apple property. Bugs discovered with the SRD must be "promptly" reported to Apple or a relevant third-party.

If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party. If you didn't use the SRD for any aspect of your work with a vulnerability, Apple strongly encourages (and rewards, through the Apple Security Bounty) that you report the vulnerability, but you are not required to do so.

If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others.

Apple is accepting applications for the Security Research Device Program. Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.

Those that participate in the program will have access to extensive documentation and a dedicated forum with Apple engineers, with Apple telling TechCrunch that it wants the program to be a collaboration.

The Security Research Device Program will run alongside the bug bounty program, and hackers can file bug reports with Apple and receive payouts of up to $1 million, with bonuses possible for the worst vulnerabilities.

Top Rated Comments

Vanilla35 Avatar
12 months ago


Attachment Image
Score: 12 Votes (Like | Disagree)
alphaswift Avatar
12 months ago
Every government in the world just joined the Apple Developer Program.
Score: 7 Votes (Like | Disagree)
tehabe Avatar
12 months ago
The big issue is, that Apple controls everything in this programme. Apple could decide not to fix an issue and nobody would know because only Apple decides when to release the information. That is btw the reason why Google's Project Zero won't join this programme, it is against their 90 days publication policy.
Score: 2 Votes (Like | Disagree)
Sasparilla Avatar
12 months ago
Nice to see. Just keep making security better on it Apple.
Score: 2 Votes (Like | Disagree)
SecuritySteve Avatar
12 months ago

How is this different than the crash logs we already have in iOS?
There's a huge difference. Right now there's no way to inspect the file system to see if there was a successful breach, and crash logs only contain a stack trace and memory snapshot of application. With this kit you have full access to the device that normally would be protected. This lets you probe more sensitive areas such as Secure Enclave.

It also lets you do more detailed API testing and fuzzing as root on the iPhone, similar to what Google Project Zero's Ian Beer does.
Score: 2 Votes (Like | Disagree)
Saipher Avatar
12 months ago
This is great news!




Every government in the world just joined the Apple Developer Program.

Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.
I think we will be ok.
Score: 1 Votes (Like | Disagree)

Top Stories

macbook air orange

Apple Developing a Whole New Kind of MacBook Air

Monday June 21, 2021 2:15 am PDT by
Apple is believed to be working on a completely new, high-end version of the MacBook Air, according to recent reports. Bloomberg's Mark Gurman, who often reveals accurate insights into Apple's plans, has repeatedly discussed the company's work on a high-end MacBook Air. Apple analyst Ming-Chi Kuo and leaker Jon Prosser have also referred to a similar MacBook Air model. The high-end...
iOS 15 Users Underwhelmed Feature

Users Underwhelmed by iOS 15 and iPadOS 15, Survey Suggests

Monday June 21, 2021 7:17 am PDT by
Users appear to be underwhelmed by Apple's upcoming iOS 15 and iPadOS 15 updates, according to the findings of a new survey by SellCell. The survey asked 3,000 iPhone and iPad users, evenly split between men and women, aged 18 or over in the United States, what they thought of iOS 15, iPadOS 15, and the naming of the upcoming iPhone 13 lineup. Over 50 percent of all of the survey's...
purple iphone 12 and 12 mini

iPhone 12 Mini Production Reportedly Ended Earlier Than Expected Due to Relatively Low Sales

Monday June 21, 2021 7:07 am PDT by
Following widespread reports that the iPhone 12 mini has experienced poor sales performance, at least relative to other iPhone 12 models, Taiwanese research firm TrendForce today claimed that production of the device has already ended. According to TrendForce, the iPhone 12 mini "reached End-of-Life ahead of time" during the second quarter of 2021, suggesting that Apple will focus on selling ...
Dark Sky App Featured

Apple Updates Dark Sky Weather App With Apple Watch Improvements and More

Tuesday June 22, 2021 11:58 am PDT by
Apple today updated the Dark Sky weather app for the first time since November with improved VoiceOver support and other bug fixes and performance improvements. In addition, Dark Sky complications on the Apple Watch now update more frequently. The full release notes for Dark Sky version 6.8.6:• Improved VoiceOver support • Complications on Apple Watch update more frequently •...
iPhone 12 v Android 2020

Apple Executive Says Users Who Want App Sideloading Already Have That Option With Other Platforms

Wednesday June 23, 2021 5:07 am PDT by
Apple earlier today published a detailed report outlining in blatant terms the negative impact that sideloading would have on the iPhone and iPad, specifically calling out the impacts it would have on user privacy and security. Now, the company is continuing its PR push, with an executive noting in an interview that users who wish to sideload apps already have that option thanks to other...
iOS Spam Calendar Feature

iCloud Users Continue to Be Plagued by Calendar Spam

Monday June 21, 2021 8:51 am PDT by
Despite previous attempts to put the situation at rest, some iCloud users continue to experience spam calendar invitations, causing their calendars to be filled with random events. The situation received widespread coverage in 2016, where Apple said that it was "actively working to address this issue" by "identifying and blocking suspicious senders." Victims are targeted in various ways. The ...
primeday2020 feature3

Amazon Prime Day: The Best Apple Deals

Monday June 21, 2021 6:15 am PDT by
Amazon's annual Prime Day event has officially kicked off today, beginning 48 hours of discounts, offers, and tons of savings across Amazon's storefront. This includes everything from home electronics to clothing, jewelry, video games, movies, and much more. Note: MacRumors is an affiliate partner with these vendors. When you click a link and make a purchase, we may receive a small payment,...
ios wifi settings

iOS Bug Causes Specific Network Name to Disable Wi-Fi on iPhones

Sunday June 20, 2021 4:15 am PDT by
A wireless network naming bug has been discovered in iOS that effectively disables an iPhone's ability to connect to Wi-Fi. Security researcher Carl Schou found that after joining a Wi-Fi network with the name "%p%s%s%s%s%n" his iPhone's Wi-Fi functionality was left "permanently disabled." Changing a hotspot's SSID did nothing to correct the problem, with even a reboot failing to make a...
iphone 13 lineup dummy models

iPhone 13 Dummy Models Depict Repositioned Camera Modules

Wednesday June 23, 2021 4:12 am PDT by
New alleged dummy models of the upcoming iPhone 13, shared by leaker Sonny Dickson on Twitter, depict a modified camera layout on the standard iPhone 13 and iPhone 13 mini, with two lenses in a diagonal arrangement rather than the vertical arrangement seen on the iPhone 12 models. The dummy models generally line up with iPhone 13 schematics previously seen by MacRumors, which showed that the ...
iphone 13 yellow

TrendForce: iPhone 13 Lineup Will Remain Limited to Maximum 512GB of Storage

Monday June 21, 2021 6:33 am PDT by
Apple will likely unveil its next-generation "iPhone 12s" or "iPhone 13" lineup in around two and a half months from now, and ahead of time, Taiwanese research firm TrendForce has outlined its expectations for the devices. A summary of TrendForce's expectations:Apple will unveil four new iPhones in September, including a mini model, a standard model, and two Pro models. September is the...