Apple offers security researchers specialized iPhones to tinker with
Apple is inviting security researchers to apply for the Apple Security Research Device Program again, to discover vulnerabilities and earn bug bounties.
In the intervening years, participating researchers have identified 130 security-critical vulnerabilities and have indirectly helped Apple implement security improvements in the XNU kernel, kernel extensions, and XPC services around the system.
The Security Research Device is a specially-built hardware variant of iPhone 14 Pro, with tooling and options that allow researchers to configure or disable many advanced security protections of iOS. Researchers can install and boot custom kernel caches on it, run arbitrary code, start services at startup, persist content across restarts, and more.
"To help ensure that user devices aren't affected by the security research device execution policy, the policy changes are implemented in a variant of iBoot and in the Boot Kernel Collection."
Reported security issues will be eligible for awards under the Apple Security Bounty.
"Each year, we select a limited number of security researchers to receive an SRD through an application process that's primarily based on a track record in security research, including on platforms other than iPhone," the Apple Security Engineering and Architecture team explained.
News URL
https://www.helpnetsecurity.com/2023/08/31/iphone-security-research/