If you’re deeply interested in iOS security, you’ll like this.
The Apple Security Research Device program launched on Wednesday, the program’s goal being to provide special iPhones to researchers with code execution and containment policies.
The Security Research Device (SRD) units will feature sell access capable of running any tools and entitlements. The units will remain Apple’s property, but can be leased on a 12-month basis.
The program features the following restrictions:
If you use the SRD to find, test, validate, verify, or confirm a vulnerability, you must promptly report it to Apple and, if the bug is in third-party code, to the appropriate third party. If you didn’t use the SRD for any aspect of your work with a vulnerability, Apple strongly encourages (and rewards, through the Apple Security Bounty) that you report the vulnerability, but you are not required to do so.
If you report a vulnerability affecting Apple products, Apple will provide you with a publication date (usually the date on which Apple releases the update to resolve the issue). Apple will work in good faith to resolve each vulnerability as soon as practical. Until the publication date, you cannot discuss the vulnerability with others.
Applicants also have to meet requirements like having a proven track record of finding security issues, and have an Apple Developer membership.
So, if you’re interested in tearing apart iOS security protocols to help identify exploits, this could be your chance.
Stay tuned for additional details as they become available.
Via The Mac Observer and developer.apple.com