To make it easier to report security issues to the iPhone manufacturer, Apple recently debuted a new website. Researchers can interact with Apple engineers who are looking into vulnerabilities and receive real-time status updates from Apple Security Research’s tools. The site also gives security researchers details about Apple’s bug bounty program.
“Hear about the latest advances in Apple security from our engineering teams, send us your own research, and work directly with us to be recognized and rewarded for helping keep our users safe,” Apple’s new website reads.
Memory safety, which Apple claims is the most frequently exploited category of security vulnerability, is a major area of focus. The site was made available after iOS 15.7.1 and iOS 16.1, both of which addressed a significant kernel vulnerability that security researchers had uncovered. Additionally, Apple asserts that since the start of its bug bounty program two years ago, it has given out about $20 million to researchers.
According to a blog post by Apple, the iPhone manufacturer also wants to increase transparency by adding thorough information about the Apple Security Bounty and its evaluation standards to the website. Bounty categories provide users with ranges and examples so they can choose where to concentrate their research.
Independent security researcher Sean Wright says Apple’s website is a “great move”. “Reducing the friction and burden associated with disclosing vulnerabilities with vendors often involves more work than actually discovering the flaw in the first place,” he says.
Apple is also welcoming applications for the 2023 Apple Security Research Device Program, which includes an iPhone primarily devoted to security research, from now until November 30, 2022.