Apple shares Private Cloud Compute resources for researchers, expands Bug Bounty rewards

1 month ago 9
iOS 18 Private Cloud Compute

When it announced Apple Intelligence at WWDC in June, Apple also detailed its new Private Cloud Compute platform. At the time, Apple said it would allow independent experts to verify its claims around security and privacy.

Ahead of the Apple Intelligence launch next week, Apple is making good on this promise.

In a new post on its Security Research Blog, Apple says that it “provided third-party auditors and select security researchers early access” to Private Cloud Compute resources to enable inspection. Now, it’s making those resources available to everyone:

In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment (VRE).

Today we’re making these resources publicly available to invite all security and privacy researchers — or anyone with interest and a technical curiosity — to learn more about PCC and perform their own independent verification of our claims. And we’re excited to announce that we’re expanding Apple Security Bounty to include PCC, with significant rewards for reports of issues with our security or privacy claims.

Apple says that the Virtual Research Environment is a set of tools that enables anyone to perform their “own security analysis of Private Cloud Compute” right on their Mac. The tools can be used to:

  • List and inspect PCC software releases
  • Verify the consistency of the transparency log
  • Download the binaries corresponding to each release
  • Boot a release in a virtualized environment
  • Perform inference against demonstration models
  • Modify and debug the PCC software to enable deeper investigation

Apple is also making the source code for “certain key components” of Private Cloud Compute available.

We’re also making available the source code for certain key components of PCC that help to implement its security and privacy requirements. We provide this source under a limited-use license agreement to allow you to perform deeper analysis of PCC.

Finally, Apple is expanding its Apple Security Bounty program to include rewards for vulnerabilities impacting the security and privacy guarantees of Private Cloud Compute. the maximum bounties for each category range from $50,000 to $1,000,000.

You can learn more about today’s Private Cloud Compute announcements from Apple on its website.

FTC: We use income earning auto affiliate links. More.

Read Entire Article