Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards — up to $2 million and a maximum payout in excess of $5 million — expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.| A major evolution of Apple Security Bounty, with the industry's top awards fo...
Apple’s Security Bounty program has paid nearly $20 million in rewards to security researchers in just two and a half years. Our new site makes it easier than ever for researchers to submit reports on the web, get real-time updates from Apple engineering, and earn recognition for helping to improve security for the users of over 1.8 billion devices worldwide.| Apple Security Research
Improving software memory safety is a key security objective for engineering teams across the industry. Here we begin a journey into the XNU kernel at the core of iOS and explore the intricate work our engineering teams have done to harden the memory allocator and make our software much more difficult to exploit.| Apple Security Research
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices — without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consum...| Apple Security Research
Private Cloud Compute (PCC) fulfills computationally intensive requests for Apple Intelligence while providing groundbreaking privacy and security protections — by bringing our industry-leading device security model into the cloud. To build public trust in our system, we’re making it possible for researchers to inspect and verify PCC’s security and privacy guarantees by releasing tools and resources including a comprehensive PCC Security Guide, the software binaries and source code of k...| Apple Security Research
The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet were to meet kalloc_type in iOS 16.| Apple Security Research
iMessage broke new ground in 2011 as the first widely available messaging service to provide secure end-to-end encryption by default. Ever since, we’ve been making ongoing improvements to iMessage security to protect our users’ most sensitive communications. This brief technical overview introduces the security model behind iMessage Contact Key Verification, a new feature available in the developer previews of iOS 17.2, macOS 14.2, and watchOS 10.2, that advances the state of the art of k...| Apple Security Research
We are introducing PQ3, a groundbreaking cryptographic protocol for iMessage that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 provides protocol protections that surpass those in all other widely deployed messaging apps.| Apple Security Research
Starting today, security researchers are invited to apply for the 2024 Security Research Device Program. Learn about eligibility requirements and how our Security Research Device helps both new and experienced researchers accelerate their work with iOS. We're accepting applications through October 31, 2023.| Apple Security Research
Hear about the latest advances in Apple security from our engineering teams, send us your own research, and work directly with us to be recognized and rewarded for helping keep our users safe.| Apple Security Research
Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices — without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consum...| Blog - Memory Integrity Enforcement: A complete vision for memory safety in A...
Get an iPhone dedicated to security research through the Apple Security Research Device program. Learn how to apply.| Security Research Device - Apple Security Research
Private Cloud Compute (PCC) fulfills computationally intensive requests for Apple Intelligence while providing groundbreaking privacy and security protections — by bringing our industry-leading device security model into the cloud. To build public trust in our system, we’re making it possible for researchers to inspect and verify PCC’s security and privacy guarantees by releasing tools and resources including a comprehensive PCC Security Guide, the software binaries and source code of k...| Blog - Security research on Private Cloud Compute - Apple Security Research
Secure and private AI processing in the cloud poses a formidable new challenge. To support advanced features of Apple Intelligence with larger foundation models, we created Private Cloud Compute (PCC), a groundbreaking cloud intelligence system designed specifically for private AI processing. Built with custom Apple silicon and a hardened operating system, Private Cloud Compute extends the industry-leading security and privacy of Apple devices into the cloud, making sure that personal user da...| Private Cloud Compute: A new frontier for AI privacy in the cloud - Apple Sec...
We are introducing PQ3, a groundbreaking cryptographic protocol for iMessage that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 provides protocol protections that surpass those in all other widely deployed messaging apps.| Blog - iMessage with PQ3: The new state of the art in quantum-secure messagin...
Your security research may be eligible for a reward through the Apple Security Bounty. We welcome reports from anyone.| Bounty - Apple Security Research
