Information Security News mailing list archives
Google's Project Zero team won't be applying for Apple's SRD program
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 23 Jul 2020 09:55:55 +0000 (UTC)
https://www.zdnet.com/article/googles-project-zero-team-wont-be-applying-for-apples-srd-program/ By Catalin Cimpanu Zero Day ZDNet.com July 22, 2020Some of the biggest names in the iPhone vulnerability research field have announced plans today to skip Apple's new Security Research Device (SRD) program due to Apple's restrictive rules surrounding the vulnerability disclosure process that effectively muzzles security researchers.
The list includes Project Zero (Google's elite bug-hunting team), Will Strafach (CEO of mobile security company Guardian), ZecOps (mobile security firm who recently discovered a series of iOS attacks), and Axi0mX (iOS vulnerability researcher and the author of the Checkm8 iOS exploit).
WHAT IS THE APPLE SRD PROGRAMThe Security Research Device (SRD) program is unique among smartphone makers. Through the SRD program, Apple has promised to provide pre-sale iPhones to security researchers.
These iPhones are modified to have fewer restrictions and allow deeper access to the iOS operating system and the device's hardware, so security researchers can probe for bugs that they normally wouldn't be able to discover on standard iPhones where the phone's default security features prevent security tools from seeing deeper into the phone.
[...] -- Subscribe to InfoSec News https://www.infosecnews.org/subscribe-to-infosec-news/ Follow InfoSec News on Twitter https://twitter.com/infosecnews_ Follow InfoSec News on LinkedIn https://www.linkedin.com/company/infosecnews/
Current thread:
- Google's Project Zero team won't be applying for Apple's SRD program InfoSec News (Jul 23)