Apple Launches Security Research Device Program to Give Bug Hunters Deeper OS Access to Find Vulnerabilities

Apple is today launching a new Apple Security Research Device Program that's designed to provide security researchers with special iPhones that are dedicated to security research with unique code execution and containment policies.

applesecuritydevice
Apple last year said it would be providing security researchers with access to "special" iPhones that would make it easier for them to find security vulnerabilities and weaknesses to make iOS devices more secure, which appears to be the program that's rolling out now.

The iPhones that Apple is providing to security researchers are less locked down than consumer devices and will make it easier to find serious security vulnerabilities.

Apple says the Security Research Device (SRD) offers shell access and can run any tools or entitlements, but other than that, it behaves similarly to a standard iPhone. SRDs are provided to security researchers on a 12-month renewable basis and remain Apple property. Bugs discovered with the SRD must be "promptly" reported to Apple or a relevant third-party.

If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party. If you didn't use the SRD for any aspect of your work with a vulnerability, Apple strongly encourages (and rewards, through the Apple Security Bounty) that you report the vulnerability, but you are not required to do so.

If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others.

Apple is accepting applications for the Security Research Device Program. Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.

Those that participate in the program will have access to extensive documentation and a dedicated forum with Apple engineers, with Apple telling TechCrunch that it wants the program to be a collaboration.

The Security Research Device Program will run alongside the bug bounty program, and hackers can file bug reports with Apple and receive payouts of up to $1 million, with bonuses possible for the worst vulnerabilities.

Top Rated Comments

Vanilla35 Avatar
18 months ago


Attachment Image
Score: 12 Votes (Like | Disagree)
alphaswift Avatar
18 months ago
Every government in the world just joined the Apple Developer Program.
Score: 7 Votes (Like | Disagree)
tehabe Avatar
18 months ago
The big issue is, that Apple controls everything in this programme. Apple could decide not to fix an issue and nobody would know because only Apple decides when to release the information. That is btw the reason why Google's Project Zero won't join this programme, it is against their 90 days publication policy.
Score: 3 Votes (Like | Disagree)
Sasparilla Avatar
18 months ago
Nice to see. Just keep making security better on it Apple.
Score: 2 Votes (Like | Disagree)
SecuritySteve Avatar
18 months ago

How is this different than the crash logs we already have in iOS?
There's a huge difference. Right now there's no way to inspect the file system to see if there was a successful breach, and crash logs only contain a stack trace and memory snapshot of application. With this kit you have full access to the device that normally would be protected. This lets you probe more sensitive areas such as Secure Enclave.

It also lets you do more detailed API testing and fuzzing as root on the iPhone, similar to what Google Project Zero's Ian Beer does.
Score: 2 Votes (Like | Disagree)
Saipher Avatar
18 months ago
This is great news!




Every government in the world just joined the Apple Developer Program.

Requirements include being in the Apple Developer Program, and having a track record finding security issues on Apple platforms.
I think we will be ok.
Score: 1 Votes (Like | Disagree)

Related Stories

iphone holiday

Best Black Friday iPhone Deals Still Available

Friday November 26, 2021 4:58 am PST by
Cellular carriers have always offered big savings on the newest iPhone models in holidays past, and Black Friday 2021 is no different. Right now we're tracking notable offers on the iPhone 13 and iPhone 13 Pro devices from AT&T, Verizon, and T-Mobile. For even more savings, keep an eye on older models like iPhone SE. Note: MacRumors is an affiliate partner with some of these vendors. When you...
General black friday 20 sale feature 2

Best Black Friday Deals on Apple Watch, AirPods Pro, MacBook Pro, More

Wednesday November 24, 2021 8:06 am PST by
Black Friday 2021 has kicked off, and you can now get some of the year's best deals on numerous Apple products. In this article we're providing a quick summary of all the best sales we've seen so far this season. For more on the best sales happening this week, visit our Black Friday Roundup. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
apple mixed reality headset mockup feature purple

Kuo: Apple AR Headset Coming in Late 2022 With Mac-Level Computing Power

Thursday November 25, 2021 8:32 pm PST by
Apple's long-rumored augmented reality (AR) headset project is set to bear its first fruit late next year with the launch of the first device carrying a pair of processors to support its high-end capabilities, according to a new research report from noted analyst Ming-Chi Kuo seen by MacRumors. According to Kuo, the higher-end main processor is said to be similar to the M1 chip Apple...
apple watch cellular holiday

Best Black Friday Apple Watch Deals Still Available

Friday November 26, 2021 4:55 am PST by
The Apple Watch always makes a great gift around the holiday season, and for Black Friday 2021 we're tracking a few solid offers on numerous models of the Apple Watch. In this article, you'll find the best Black Friday sales on the new Apple Watch 7, but the best money-saving discounts will be found on older models like the Apple Watch Series 3 and SE. Note: MacRumors is an affiliate partner...
airpods family holiday

Best Black Friday AirPods Deals Still Available

Friday November 26, 2021 4:04 am PST by
Black Friday 2021 deals are still going strong, and we're tracking the best deals across Apple's AirPods lineup. Throughout the week we've been sharing the best sales for Apple devices like iPhone, Mac, and iPad, so be sure to follow us on Twitter for all of the latest Black Friday sales Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a...
airpods 3 blue holiday 2

Black Friday: AirPods 3 Hit Record Low Price of $149.99 ($29 Off)

Thursday November 25, 2021 6:10 am PST by
Amazon has introduced a new record low price on the AirPods 3, available for $149.99, down from $179.00. At $29 off, this sale price beats the one that we were tracking earlier this week by about $5 and it's only available on Amazon as of writing. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which ...
iPads black friday 20 sale feature

Best Black Friday iPad Deals Still Available

Friday November 26, 2021 4:48 am PST by
Although Black Friday sales began as early as October in 2021, the shopping holiday is now officially underway and we're highlighting the best sales for each of Apple's product lines. In this article, you'll find the best Black Friday sales on iPad Pro and iPad mini. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a...
airpods 2 blue holiday 2

Black Friday: AirPods 2 Available for $99.99 on Amazon ($29 off)

Thursday November 25, 2021 7:11 am PST by
AirPods deals continue to be some of the best offers we're tracking this Black Friday, and today Amazon kicked off a notable new deal on the AirPods 2. You can get the model with the Wired Charging Case for just $99.99 right now, down from $129.00. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment,...