Compiled by: Code Guard
Apple announced that security researchers have until the end of October this year to apply for a Security Research Device (SRD).
The SRD is an iPhone 14 Pro with security features disabled and shell access enabled for vulnerability research. Apple notes that these devices are "specially built hardware variants" of pre-consumer devices that provide researchers with the tools necessary to disable built-in iOS security measures.
Apple notes, "Shell access is available so you can run any tool, choose your own privileges, and even customize the kernel. Additionally, any vulnerabilities discovered through SRD are automatically considered eligible for Apple's security bug bounty program."
Apple will provide the SRD on a 12-month renewable loan, during which time the device will remain Apple's property. The device can be used to:
Install and enable a custom kernel cache
Run arbitrary code with any rights, including as platform and as root outside the sandbox
Set NVRAM variables
Install and launch custom firmware for Secure Page Table Monitor (SPTM) and Trusted Execution Monitor (TXM) in iOS 17
Apple mentions that iPhones provided through the SRD program should only be used by authorized personnel and should not leave the security research site.
Application deadline is October 31st
Apple noted, "From now until October 31, we invite security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to jump-start iPhone research, work with our research teams to protect users, and apply for Apple security bug bounties." "Every year, we select a certain number of security researchers through the SRD application process, and the selection criteria are mainly based on their security research records, including research on platforms other than iPhone."
Universities can also use this application process to obtain SRD devices to facilitate computer science courses. Apple will conduct a full evaluation of all applications by the end of this year and notify selected participants of the results in early 2024.
Original link
https://www.bleepingcomputer.com/news/apple/apple-opens-2024-applications-to-get-security-research-iphones/
This article was compiled by Qi Anxin and does not represent the views of Qi Anxin. Please indicate "Reprinted from Qianxin Code Guard https://codesafe.qianxin.com" when reprinting.