Apple offers security researchers specialized iPhones to tinker with
Apple is inviting security researchers to apply for the Apple Security Research Device Program again, to discover vulnerabilities and earn bug bounties.
In the intervening years, participating researchers have identified 130 security-critical vulnerabilities and have indirectly helped Apple implement security improvements in the XNU kernel, kernel extensions, and XPC services around the system.
The Security Research Device is a specially-built hardware variant of iPhone 14 Pro, with tooling and options that allow researchers to configure or disable many advanced security protections of iOS. Researchers can install and boot custom kernel caches on it, run arbitrary code, start services at startup, persist content across restarts, and more.
"To help ensure that user devices aren't affected by the security research device execution policy, the policy changes are implemented in a variant of iBoot and in the Boot Kernel Collection."
Reported security issues will be eligible for awards under the Apple Security Bounty.
"Each year, we select a limited number of security researchers to receive an SRD through an application process that's primarily based on a track record in security research, including on platforms other than iPhone," the Apple Security Engineering and Architecture team explained.
News URL
https://www.helpnetsecurity.com/2023/08/31/iphone-security-research/