Customers line up at an Apple Store to pickup the new iPhone 14 on Sept. 16, 2022, in Wuhan. Hubei, China. (Photo by Getty Images)

Apple launched a new website late last week to help security researchers report issues to the iPhone maker after the tech giant released a number of security updates for its operating systems running on its products.

The first and only two entries so far as of this writing are dated Oct. 27 — the first discussing efforts to improve XNU memory safety, and the second detailing how it’s making it easier for researchers to report security issues and communicate with its teams.

The first post by Apple’s security engineering and architecture team is meant to be a series on improving memory safety by hardening the memory allocator. 

“To inaugurate our security research blog, we present the first in a series of technical posts that delves into important memory safety upgrades in XNU, the kernel at the core of iPhone, iPad, and Mac.”

The rest of the post is a rather technically detailed primer and lengthy article that “assumes a familiarity with the taxonomy of memory safety.”

A screenshot from Apple's new research website announcing its Security Research Device, which is a "specially fused iPhone that allows you to perform iOS security research without having to bypass its security features."

Apple Security Research Device Program announced

Apple’s security bounty program is detailed in the second post. Authored by its product security team, the post addresses what “we’ve learned about some things we can do better,” saying Apple is responding to researchers more quickly, making it easier for researchers to communicate with its teams, and providing more transparency to researchers.

Apple also announced in the second post that it’s accepting applications through Nov. 30 to the 2023 Apple Security Research Device Program for security researchers to “go deeper, or improve the efficiency of your research work with iOS” by offering security teams an exclusive iPhone to use for security research.

The launch of such a security website to inform and receive feedback from the security community could be in response to criticism that the Cupertino, California-based company is tight-lipped about vulnerabilities it releases in security bulletins, which leads to confusion by saying too little, as Sophos’ Naked Security blog wrote Oct. 28 about the security patches released last week.