Apple Launches Security Research Device Program to Give Bug Hunters Deeper OS Access to Find Vulnerabilities

by

Apple is today launching a new Apple Security Research Device Program that's designed to provide security researchers with special iPhones that are dedicated to security research with unique code execution and containment policies.

applesecuritydevice
Apple last year said it would be providing security researchers with access to "special" iPhones that would make it easier for them to find security vulnerabilities and weaknesses to make iOS devices more secure, which appears to be the program that's rolling out now.

The iPhones that Apple is providing to security researchers are less locked down than consumer devices and will make it easier to find serious security vulnerabilities.

Apple says the Security Research Device (SRD) offers shell access and can run any tools or entitlements, but other than that, it behaves similarly to a standard iPhone. SRDs are provided to security researchers on a 12-month renewable basis and remain Apple property. Bugs discovered with the SRD must be "promptly" reported to Apple or a relevant third-party.

If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party. If you didn't use the SRD for any aspect of your work with a vulnerability, Apple strongly encourages (and rewards, through the Apple Security Bounty) that you report the vulnerability, but you are not required to do so.

If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others.

Apple is accepting applications for the Security Research Device Program. Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.

Those that participate in the program will have access to extensive documentation and a dedicated forum with Apple engineers, with Apple telling TechCrunch that it wants the program to be a collaboration.

The Security Research Device Program will run alongside the bug bounty program, and hackers can file bug reports with Apple and receive payouts of up to $1 million, with bonuses possible for the worst vulnerabilities.

Popular Stories

iOS 26

Apple Releases iOS 26.3 and iPadOS 26.3

Wednesday February 11, 2026 10:07 am PST by
Apple today released iOS 26.3 and iPadOS 26.3, the latest updates to the iOS 26 and iPadOS 26 operating systems that came out in September. The new software comes almost two months after Apple released iOS 26.2 and iPadOS 26.2. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. According to Apple's release notes, ...
Read Full Article91 comments
m5 macbook pro deal

Why You Shouldn't Buy the Next MacBook Pro

Tuesday February 10, 2026 4:27 pm PST by
Apple is planning to launch new MacBook Pro models as soon as early March, but if you can, this is one generation you should skip because there's something much better in the works. We're waiting on 14-inch and 16-inch MacBook Pro models with M5 Pro and M5 Max chips, with few changes other than the processor upgrade. There won't be any tweaks to the design or the display, but later this...
Read Full Article243 comments
M3 iPad Air

Apple's Next Two Products Are Coming Soon

Thursday February 12, 2026 11:17 am PST by
Apple plans to release an iPhone 17e and an iPad Air with an M4 chip "in the coming weeks," according to the latest word from Bloomberg's Mark Gurman. "Apple retail employees say that inventory of the iPhone 16e has basically dried out and the iPad Air is seeing shortages as well," said Gurman. "I've been expecting new versions of both (iPhone 17e and M4 iPad Air) in the coming weeks."...
Read Full Article
Apple Logo Black

Apple Acquires New Database App

Wednesday February 11, 2026 6:44 am PST by
Apple acquired Canadian graph database company Kuzu last year, it has emerged. The acquisition, spotted by AppleInsider, was completed in October 2025 for an undisclosed sum. The company's website was subsequently taken down and its Github repository was archived, as is commonplace for Apple acquisitions. Kuzu was "an embedded graph database built for query speed, scalability, and easy of ...
Read Full Article33 comments
iPhone 16e Bottom Crop

Apple Reportedly Unveiling a New iPhone Next Week

Tuesday February 10, 2026 1:51 pm PST by
Apple plans to announce the iPhone 17e on Thursday, February 19, according to Macwelt, the German equivalent of Macworld. The report said the iPhone 17e will be announced in a press release on the Apple Newsroom website, so do not expect an event for this device specifically. The iPhone 17e will be a spec-bumped successor to the iPhone 16e. Rumors claim the device will have four key...
Read Full Article

Top Rated Comments

Vanilla35 Avatar
Vanilla35
73 months ago


Attachment Image
Score: 12 Votes (Like | Disagree)
A
alphaswift
73 months ago
Every government in the world just joined the Apple Developer Program.
Score: 7 Votes (Like | Disagree)
tehabe Avatar
tehabe
73 months ago
The big issue is, that Apple controls everything in this programme. Apple could decide not to fix an issue and nobody would know because only Apple decides when to release the information. That is btw the reason why Google's Project Zero won't join this programme, it is against their 90 days publication policy.
Score: 3 Votes (Like | Disagree)
S
Sasparilla
73 months ago
Nice to see. Just keep making security better on it Apple.
Score: 2 Votes (Like | Disagree)
SecuritySteve Avatar
SecuritySteve
73 months ago

How is this different than the crash logs we already have in iOS?
There's a huge difference. Right now there's no way to inspect the file system to see if there was a successful breach, and crash logs only contain a stack trace and memory snapshot of application. With this kit you have full access to the device that normally would be protected. This lets you probe more sensitive areas such as Secure Enclave.

It also lets you do more detailed API testing and fuzzing as root on the iPhone, similar to what Google Project Zero's Ian Beer does.
Score: 2 Votes (Like | Disagree)
Saipher Avatar
Saipher
73 months ago
This is great news!




Every government in the world just joined the Apple Developer Program.

Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.
I think we will be ok.
Score: 1 Votes (Like | Disagree)
Read All Comments