Apple announced today that it will begin accepting applications for the 2024 iPhone Security Research Equipment Program, which will provide security researchers with specialized Apple devices to more easily discover critical vulnerabilities in iOS systems.
Apple’s Security Research Program (SRDP) launched in 2019, and researchers have discovered 130 high-impact security vulnerabilities through the program. Apple said researchers helped it implement “novel fixes” to protect iOS devices.
Over the past six months, program participants have earned 37 CVE credits for contributing to improvements to the XNU kernel, kernel extensions, and XPC services.
Researchers participating in the SRDP are eligible for Apple Security Bonuses. Apple has awarded more than 100 reports from SRDP researchers and said that “multiple awards” reached US$500,000, with the median award close to US$18,000.
The iPhone 14 Pro research devices Apple provided to participants had special hardware and software designed for security research. Researchers can configure or disable iOS security protections in order to manipulate them in ways not possible with a standard iPhone. The SRD is intended for security researchers with experience working on iPhones and other platforms, while Apple is also making the device available to university educators who want to use it as a teaching tool for computer science students.
Apple selects a limited number of participants each year to receive research devices, with applications due by October 31, 2023. Selected participants will be notified in early 2024.
