Launch of Apple Security Research with a website, blog and open applications for the research device program

By Lance T. Lee

Oct 27, 2022


Along with announcing its new Lockdown Mode feature last summer, the company mentioned an improved bounty program, a donation to fund ethical security research, and more. Now, Apple Security Research has officially launched with a dedicated website, blog, details on bounty changes, open applications for research device programs, and more.

Apple today launched the new Security Hub website led by two blog posts.

“Our breakthrough security technologies protect users of more than 1.8 billion active devices worldwide. Learn about the latest Apple security advancements from our engineering teams, send us your own research, and work directly with us to be recognized and rewarded for helping keep our users safe.”

Changes to Apple Security Bounty

First, Apple detailed how its security bounty program was upgraded:

“In the past two and a half years since our program opened, we are extremely proud to have awarded researchers nearly $20 million in total payouts, with an average payout of $40,000 in the Product category, and including 20 separate rewards of over $100,000 for high-impact issues. To our knowledge, this makes Apple Security Bounty the fastest growing bounty program in the history of the industry.

“During this time, our team has worked closely with researchers around the world and we have learned some things that we can improve.

“First, we respond much faster. Sometimes we have received many more submissions than expected, so we have expanded our team and worked hard to be able to complete an initial assessment of nearly all reports we receive within two weeks, and most within six days.

“Second, we make it easier for researchers to report issues and communicate with our teams. Our Apple Security Research site includes a new way to send us web searches and get real-time status updates. Simply sign in with your Apple ID and follow the instructions to send us a detailed report. You can then track the progress of your report and communicate securely with Apple engineers while we investigate.

“We also offer more transparency. Our site now includes detailed Apple Security Bounty information and judging criteria. Award categories include ranges and examples, so you can determine where you want to focus your research, and so you can anticipate whether your report qualifies for a particular award. We have provided ranges for submissions that impact Apple services and infrastructure, as well as our products.”

Opening of applications for security research devices

Another announcement shared on the new website is that the Apple Security Research Device applications window is open:

“From today until November 30, 2022, we are also accepting applications for the 2023 Apple Security Research Device Program. This program includes an iPhone dedicated exclusively to security research and can help start, deepen or improve the efficiency of your research work with iOS.”

Security Blog

In launching the first post of its new technical security blog, Apple talked about the “next generation of XNU memory security: kalloc_type”.

“To kick off our security research blog, we present the first in a series of technical articles that delves into the important memory security upgrades in XNU, the kernel at the heart of iPhone, iPad and Mac. Since nearly all popular user devices today rely on code written in programming languages such as C and C++ which are considered “memory hazardous”, meaning that they do not provide strong safeguards that prevent certain classes of software bugs, improving memory safety is an important goal for engineering teams in the industry.”

Read the full article on Apple’s new security site.

Security Jobs at Apple

Additionally, Apple has a link to submit your resume and interest in security roles within the company.


At the bottom of Apple’s new security website are some additional resources for developers, a link to the Apple Platform Security Guide, and Apple Support.
