Apple may soon hand special iPhones to security researchers


Apparently, the tech giant plans to provide researchers who are part of its invite-only bug bounty program with iPhones that aren’t as locked down as the consumer version. Forbes says they won’t be as open as the ones reserved for the company’s employees, but they might be open enough to give researchers a way to look at the device more closely. The phones could, for instance, give the participants a way to inspect parts of the OS or specific components, such as the memory, to look for vulnerabilities.

In addition, the company is reportedly launching its long-delayed bug bounty program for Mac. Earlier this year, a researcher discovered an exploit that would allow bad actors to grab passwords from login and system keychains without requiring administrator privileges. He refused to tell Apple the vulnerability’s details, however, to protest the fact that its bug bounty program only pays out for iOS bugs and not for macOS ones.

As Patrick Wardle, a principal security researcher at Jamf who has found several issues in macOS, told Forbes: “If you’re a large, well-resourced company such as Apple, who claims to place a premium on security, having a bug-bounty program is a no brainer.” Providing rewards to security researchers for uncovering flaws in hardware and software could compel them to report the vulnerabilities to the company, making Apple’s products safer and more secure.

