Apple has launched a new website to help security researchers report problems to the iPhone maker. Apple Security Research includes tools to help researchers with real-time status updates and provides the ability to communicate with Apple engineers. It also provides security researchers with information about Apple’s bug bounty program.
“Hear from our engineering teams about the latest advances in Apple security, send us your own research, and work directly with us to be recognized and rewarded for helping keep our users safe,” reads Apple’s new website.
A key area of focus is memory security, with Apple saying memory-related flaws are the most exploited security vulnerabilities. This follows the release of iOS 15.7.1 and iOS 16.1, both of which fix major kernel vulnerabilities discovered by security researchers.
Apple claims it has awarded nearly $20 million to researchers since launching its bug bounty program two years ago. This includes 20 individual payments of $100,000.
The iPhone maker also aims to improve transparency by adding detailed Apple Security Bounty information and evaluation criteria to the site, Apple said in a blog post. “Bounty categories include categories and examples, so you can decide where you want to focus your research and therefore predict whether your report is eligible for a particular award.”
From now until November 30, 2022, Apple is also accepting applications for the 2023 Apple Security Research Device Program, which provides an iPhone dedicated exclusively to security research.
Apple’s security website—a great move
Independent security researcher Sean Wright says Apple’s website is a “great move”. “Reducing the friction and burden associated with disclosing vulnerabilities with vendors often takes more work than finding the actual flaw,” he says.
A tool that helps make this as seamless as possible, according to Wright, “is going to benefit everyone involved and hopefully get issues resolved more quickly”.
This could encourage more researchers to examine Apple products for memory-related vulnerabilities, Wright adds.
Ultimately, better security for Apple products is a win for users, Wright says. “Hopefully, other programs and tools like this will follow.”