Apple has launched a new website to help security researchers report issues to the iPhone maker. Apple Security Research includes tools to help researchers with real-time status updates and offers the ability to communicate with Apple engineers investigating issues. It also provides security researchers with information about Apple’s bug bounty program.
“Hear about the latest advances in Apple security from our engineering teams, send us your own research, and work directly with us to be recognized and rewarded for helping keep our users safe,” Apple’s new website reads.
A key area of focus is memory safety, which Apple says is the most often exploited type of security vulnerability. The launch comes after the release of iOS 15.7.1 and iOS 16.1, both of which fix a major kernel vulnerability discovered by security researchers.
Following the launch of its bug bounty program two years ago, Apple claims it has awarded around $20 million to researchers. These include 20 individual payments of $100,000.
The iPhone maker is also aiming to improve transparency by adding detailed Apple Security Bounty information and evaluation criteria to the site, Apple said in a blog. “Bounty categories include ranges and examples, so you can determine where you’d like to focus your research, and so you can anticipate whether your report qualifies for a particular reward.”
From now until November 30, 2022, Apple is also accepting applications for the 2023 Apple Security Research Device Program, which features an iPhone exclusively dedicated to security research.
Apple’s security website—a great move
Independent security researcher Sean Wright says Apple’s website is a “great move”. “Reducing the friction and burden associated with disclosing vulnerabilities with vendors often involves more work than actually discovering the flaw in the first place,” he says.
Wright thinks a tool to help make this as seamless as possible is “going to benefit everyone involved and hopefully result in issues being resolved even more quickly”.
It may also encourage more researchers to examine Apple products for memory-related vulnerabilities, Wright adds.
In the end, better security for Apple products is a win for users, Wright says. “Hopefully, others will follow suit with similar programs and tools like this.”