Connect with us

Hi, what are you looking for?


Mobile & Wireless

Apple Preparing iPhone 14 Pro Phones for 2024 Security Research Device Program

Apple is inviting security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to receive hackable iPhones.

Apple Security Research Device Program 2024

Apple on Wednesday announced that it is now accepting applications for the 2024 iPhone Security Research Device Program (SRDP).

Intended for security researchers looking to identify vulnerabilities in Apple’s mobile devices and earn rewards for eligible findings, the SRDP program was launched in 2019.

Since its inception, the program has resulted in the discovery of 130 critical-severity vulnerabilities, with 37 CVE identifiers issued over the past six months alone, Apple says.

The tech giant claims that the reports received as part of the program have helped it implement novel mitigations in its operating systems, including in areas such as kernel and kernel extensions, and XPC services (helper tools for Apple’s lightweight mechanism for basic interprocess communication).

Security researchers accepted in the 2024 SRDP will receive specially-built hardware variants of the iPhone 14 Pro that are specifically designed for security research.

These iPhones, which Apple calls Security Research Devices (SRDs), feature tools and options enabling researchers to configure or disable iOS’s advanced security protections.

These devices allow researchers to install custom kernel caches, run arbitrary code with various options, change NVRAM variables, and “install and boot custom firmware for Secure Page Table Monitor (SPTM) and Trusted Execution Monitor (TXM), new in iOS 17”.

Advertisement. Scroll to continue reading.

Security researchers reporting issues identified using an SRD are also eligible for receiving rewards through Apple’s bug bounty program.

“We’re pleased to have rewarded over 100 reports from our SRDP researchers, with multiple awards reaching $500,000 and a median award of nearly $18,000,” the tech giant says.

Each year, Apple provides SRDs to a limited number of security researchers who apply to the program and who are selected based on their track record, including on other platforms.

This year, interested researchers have until October 31, 2023, to apply for the program. Apple says it will notify the selected participants by the end of the year.

Apple is also giving SRDs to select academics, to use them as teaching tools in security research classes.

Related: Apple Lists APIs That Developers Can Only Use for Good Reason

Related: Apple Patches Another Kernel Flaw Exploited in ‘Operation Triangulation’ Attacks

Related: Apple’s Rapid Security Response Patches Causing Website Access Issues

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.