Dan Underwood

A major evolution of Apple Security Bounty, with the industry's top awards for the most advanced research - Apple Security Research Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards — up to $2 million and a maximum payout in excess of $5 million — expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.

We're updating our bounty program with the top award now set at $2 million for zero-click remote exploit chains. In addition - there are increased awards for proximate wireless attacks, WebKit, and Gatekeeper

security.apple.com/blog/apple...

Localization Software Engineer - Jobs - Careers at Apple Apply for a Localization Software Engineer job at Apple. Read about the role and find out if it’s right for you.

Did you know that more than half of all iPhones around the world are being used in languages other than English?

My team helps make that possible, and we're hiring! Our work is very dynamic and spans the entire localization pipeline, from internal tools to all our OSes.

jobs.apple.com/en-us/detail

Apple's latest iPhone security feature just made life more difficult for spyware makers | TechCrunch Apple launched a new security feature for iPhone 17 and iPhone Air designed to reduce the effect of memory corruption bugs, and in turn make spyware and zero-days more difficult to hack into iPhones.

"The iPhone 17 is probably now the most secure computing environment on the planet that is still connected to the internet,"

Dear PPS community, In recent weeks, we've seen a concerning rise in compromised student accounts. Attackers are gaining access to these accounts and using them to send thousands of phishing and scam emails worldwide. Our investigation shows that many of these breaches result from students reusing passwords across multiple services. Once attackers obtain credentials from other sites, they try them against school accounts with significant success. To better protect student accounts and reduce their value as targets, we are making a change: Students will no longer be able to set up Multi-Factor Authentication (MFA) on their Google accounts. Attackers have been exploiting this feature by enabling MFA themselves to strengthen their hold on compromised accounts. By blocking this option, we disrupt their process.

@rmondello.com Neven got this email from Portland Public Schools that is relevant to your interests. I'll be thinking about it for a while…

Blog - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices - Apple Security Research Memory Integrity Enforcement (MIE) is the culmination of an unprecedented design and engineering effort spanning half a decade that combines the unique strengths of Apple silicon hardware with our advanced operating system security to provide industry-first, always-on memory safety protection across our devices — without compromising our best-in-class device performance. We believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.

iPhone 17, iPhone Air, and iPhone 17 Pro all support
Memory Integrity Enforcement bringing a significant advancement in memory safety - including to developers as part of the Enhanced Security feature announced earlier this year at WWDC

Supercharge device connectivity with Wi-Fi Aware - WWDC25 - Videos - Apple Developer Learn how to create peer-to-peer network connections with Wi-Fi Aware. We'll also cover how to share videos in real time, transfer large...

With iOS 26.0, we're introducing support for Wi-Fi Aware via AccessorySetupKit - this makes it easy for users to connect to and set up your accessories securely, and build peer to peer connectivity experiences with DeviceDiscoveryUI!

https://developer.apple.com/videos/play/wwdc2025/228

#wwdc25

Enabling enhanced security for your app | Apple Developer Documentation Detect out-of-bounds memory access, use of freed memory, and other potential vulnerabilities.

We've launched support for developers to build their own security hardened extensions, distribute apps using Pointer Authentication, and access a range of other security mitigations: https://developer.apple.com/documentation/xcode/enabling-enhanced-security-for-your-app

#wwdc25

This is a hugely important update for CryptoKit - make sure you check out the session to learn more about what you do (and don’t) need to do as an App Developer to protect against quantum computers.

Swift at Apple: migrating the Password Monitoring service from Java Swift is heavily used in production for building cloud services at Apple, with incredible results. Last year, the Password Monitoring service was rewritten in Swift, handling multiple billions of requests per day from devices all over the world. In comparison with the previous Java service, the updated backend delivers a 40% increase in performance, along with improved scalability, security, and availability.

New post on the Swift blog: we re-wrote the Password Monitoring service for Apple Passwords in Swift and saw huge improvements in memory use and throughput. Some of the details here still blow my mind; it's a fun read. https://www.swift.org/blog/swift-at-apple-migrating-the-password-monitoring-servi

Manta rays off the coast of Hawaii!

Picked up my Close Your Rings Day pin! (Happy 10th birthday to Apple Watch)

Apple's Mac Site Features Fictional 'Lumon Terminal Pro' Apple is going all out with promotions for the popular Severance Apple TV+ show today, and as of right now, you'll find a new "Lumon Terminal Pro" listed on Apple's Mac site. The Lumon Terminal Pro is designed to look similar to the machines that Severance employees like Mark S. and Helly R. use for macrodata refinement. The Terminal features a blue keyboard, a small display with wide bezels, and a trackball for navigation purposes. Unfortunately, you can't actually buy a Lumon Terminal Pro, though it would undoubtedly sell well to Severance fans. Apple's page links to the company's actual Macs, and to a behind the scenes editing video that Apple shared this morning. The second season of Severance wrapped up last Thursday, so the entire series is now available to stream on ‌Apple TV‌+. Apple renewed Severance for season three, and Severance director Ben Stiller has promised that it won't take another three years for us to get another season.Tag: Apple TV Plus This article, "Apple's Mac Site Features Fictional 'Lumon Terminal Pro'" first appeared on MacRumors.com Discuss this article in our forums

Apple's Mac Site Features Fictional 'Lumon Terminal Pro'

Apple’s Worldwide Developers Conference returns the week of June 9 Apple today announced it will host its annual Worldwide Developers Conference (WWDC) online from June 9 to 13, 2025.

#WWDC25 June 9, 2025
www.apple.com/newsroom/202...

👋 from the Swift team, now on Bluesky!

Decided to do the #promosky as I’m looking for more friends (MDNI), especially people to play games with 🙂

🎮 Zelda, Kirby, Skyrim, No Man’s Sky, Stellaris, Civilization

📺 Dragon Prince, Severance, Foundation

📖 Arc of a Scythe, Mistborn

🎨 Used to write so artists are also welcome (🚫 NFT, genAI)

Maybe a catastrophic natural disaster isn't the best way to advertise your features in an app for managing your smart devices LG

CISA has launched guidance on protecting mobile devices given recent threats against telecommunications infrastructure - including the benefit of Lockdown Mode, Private Relay, and the Passwords app

Security Reviewer, Secure Design - Careers at Apple Apply for a Security Reviewer, Secure Design job at Apple. Read about the role and find out if it’s right for you.

Do you want to work on designing the security of the latest Apple products and features that will be used by over a billion users? Our team is hiring for engineers to help provide security leadership!

https://jobs.apple.com/en-us/details/200582891/security-reviewer-secure-design

My colleagues in the Cryptographic Engineering team within SEAR are hiring in Paris! They're an incredibly talented team working on challenging real world problems - if you're interested please do consider applying

https://jobs.apple.com/en-us/details/200578463/cryptography-engineer-expert

Despite increasing legislation, and a low minimum bar for compliance, it’s incredible (albeit not surprising) how many device manufacturers and software vendors still struggle to provide that bare minimum to allow researchers to report security vulnerabilities

Screenshot of dashboard scores — Chrome 99, Edge 98, Firefox 99, Safari 99

Just look at that Interop 2024 score…
wpt.fyi/interop-2024

Need to improve memory safety in existing unsafe C code? My colleagues have published a patch for clang that introduces support for -f-bounds-safety!

https://github.com/swiftlang/llvm-project/pull/9665

It's going to be a bumper year for "Crypto Means Cryptograpy" stickers

https://www.bloomberg.com/news/articles/2024-11-20/trump-team-mulls-creating-first-ever-white-house-crypto-role

As expected, the first episode of Silo season two was superb.

Proud of my colleagues who have driven the work on this - we just launched a huge amount of security material for PCC (Private Cloud Compute), including a new security guide, Virtual Research Environment, and source code

https://security.apple.com/blog/pcc-security-research/