Apple today announced that it is accepting applications for its 2024 iPhone Security Research Device Program, allowing security researchers to get specialized Apple devices that make it easier to find critical iOS vulnerabilities.
The iPhone Security Research Device Program (SRDP) has been around since 2019, and researchers have used it to locate 130 high-impact security vulnerabilities. Apple says that researchers have helped it to implement "novel mitigations" for protecting iOS devices.
Over the course of the last six months, program participants have received 37 CVE credits for their findings, and have contributed to improvements for the XNU kernel, kernel extensions, and XPC services.
Researchers who participate in the SRDP are eligible for Apple Security Bounty payouts. Apple has rewarded more than 100 reports from SRDP researches, and says that "multiple awards" have reached $500,000 with a median award of close to $18,000.
The iPhone 14 Pro research devices that Apple provides to participants feature special hardware and software designed for security research. Researchers are able to configure or disable the iOS security protections to manipulate them in ways not possible with a standard iPhone.
SRDs are available to security researchers who have a track record in security research both on the iPhone and other platforms, plus Apple is making devices available to university educators who want to use it as a teaching tool for computer science students.
Apple selects a limited number of participants each year to receive a research device, and applications are open until October 31, 2023. Selected participants will be notified in early 2024.
