Skip to main content

Report: Apple to provide ‘pre-jailbroken’ iPhones to researchers, launch macOS bug bounty program

Apple is reportedly set to provide security researchers with unique iPhone models that would allow them to more easily find weaknesses in iOS. Forbes reports that Apple will make this announcement at the Black Hat security conference later this week.

According to the report, the iPhones will be given to security researchers that participate in Apple’s invite-only bug bounty program. Through this program, researchers are rewarded for the iOS bugs they disclose to Apple. Apple first promised the availability of such iPhones in 2016.

What would be different about these iPhones compared to consumer models?

One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities.

Despite that level of openness, these iPhones will won’t be quite as unlocked as the devices seeded to internal Apple developers and members of its security team. For example, security researchers using these devices will likely not be able to decrypt iPhone firmware.

This program might also reduce the number of leaked developer devices, which have often been sold on the black market.

Elsewhere, the report claims that Apple is also set to launch a Mac bounty program. This would be similar to the iOS bug bounty, and reward security researchers for the vulnerabilities they discover in macOS.

Back in February, a security researcher detailed a macOS exploit to access Keychain passwords, but refused to share details with Apple due to its lack of a bug bounty program for macOS. Ultimately the researcher did share details of the vulnerability with Apple, despite the company not having publicly announcing a bug bounty program.

We’ll likely learn more about both Apple’s new pre-jailbroken device program, as well as the macOS bug bounty at the Black Hat conference this week. Apple’s head of security and engineering, Ivan Krstić, is set to give a talk on Thursday. 

FTC: We use income earning auto affiliate links. More.

OnlyBrush Smart Dental Travel Kit
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Subscribe to 9to5Mac on YouTube for more Apple news:

Comments

Author

Avatar for Chance Miller Chance Miller

Chance is the editor-in-chief of 9to5Mac, overseeing the entire site’s operations. He also hosts the 9to5Mac Daily and 9to5Mac Happy Hour podcasts.

You can send tips, questions, and typos to chance@9to5mac.com.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications