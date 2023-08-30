Apple’s iPhone Security Research Device Program provides researchers with the opportunity to collaborate with Apple in identifying vulnerabilities in its devices. The program, which has been in operation since 2019, has already discovered 130 high-profile security-critical vulnerabilities. Researchers interested in participating in the 2024 program can apply until October 31.

The Security Research Device, provided by Apple for research purposes, is essentially a jailbroken iPhone. It is intended to be used in a controlled environment exclusively for security research. Researchers who utilize these devices have the freedom to run various tools, customize the kernel, and choose their own entitlements, all while maintaining access to the inner layers of iOS security.

The benefits of participating in the program include not only the opportunity to work closely with Apple but also the potential to receive bounty payments. Apple has awarded over $500,000 to researchers for discovered vulnerabilities on Security Research Devices.

Researchers who are selected for the program can use the Security Research Device to perform several tasks. These include installing and booting custom kernel caches, running arbitrary code with any entitlements, setting NVRAM variables, and even installing and booting custom firmware for the Secure Page Table Monitor (SPTM) and Trusted Execution Monitor (TXM) in the latest iOS update.

To apply for the program, researchers and educators at the university level can submit their applications for review. The selected participants will be notified in early 2024.

The iPhone Security Research Device Program presents a valuable opportunity for researchers to contribute to the improvement of Apple’s security measures, while also receiving recognition and financial remuneration for their efforts.

