Apple invites researchers to apply to the 2024 iPhone Security Research Device Program
The iPhone Security Research Device Program allows researchers to work with Apple directly in discovering vulnerabilities while still receiving bounty payments. Sign-ups are open through October 31.
Security Research Device
Apple launched the iPhone Security Research Device Program in 2019. The program reportedly works well, having discovered 130 high-profile security-critical vulnerabilities since its launch.
The program website says researchers interested in applying for the 2024 iPhone Security Research Device Program have until October 31. It has paid upwards of $500,000 in awards for discovered vulnerabilities on Security Research Devices -- which are essentially jailbroken iPhones.
The Security Research Device is meant to be used in a controlled environment for security research only. Provided devices are still Apple's property and loaned on a 12-month renewable basis.
Apple's description of a Security Research Device:
The Security Research Device (SRD) is a specially fused iPhone that allows you to perform iOS security research without having to bypass its security features. Shell access is available, and you can run any tools, choose your own entitlements, and even customize the kernel. Using the SRD allows you to confidently report all your findings to Apple without the risk of losing access to the inner layers of iOS security.
Researchers can use a Security Research Device to:
- Install and boot custom kernel caches.
- Run arbitrary code with any entitlements, including as platform and as root outside the sandbox.
- Set NVRAM variables.
- Install and boot custom firmware for Secure Page Table Monitor (SPTM) and Trusted Execution Monitor (TXM), new in iOS 17.
Apply at Apple's security website.
Read on AppleInsider