Apple publishes its 1st-ever Virtual Research Environment for Private Cloud Compute

Apple has publicly released a Virtual Research Environment (VRE) for its Private Cloud Compute (PCC) platform, marking an unprecedented opportunity for researchers to analyze an Apple program.

The PCC is designed to provide end-to-end security and privacy for users of Apple Intelligence, Apple’s proprietary AI system first announced in June 2024. User requests that cannot be processed locally on the user’s device will be processed in the PCC environment, where requests and user data will never be stored, collected or used for training and will not be accessible to anyone, even Apple itself, according to the company.

The release of the PCC VRE on Thursday marks the first time Apple has created a VRE for one of its platforms. While Apple previously made the VRE available to select security researchers and third-party auditors, it is now publicly available in the latest macOS Sequoia 15.1 Developer Preview. A Mac system with Apple silicon and 16 GB or more of unified memory is required to use the VRE.

“The VRE runs the PCC node software in a virtual machine with only minor modifications. Userspace software runs identically to the PCC node, with the boot process and kernel adapted for virtualization,” Apple said in its Thursday announcement. “The VRE includes a virtual Secure Enclave Processor (SEP), enabling security research in this component for the first time – and also uses the built-in macOS support for paravirtualized graphics to enable inference.”

Researchers can use the VRE to inspect all PCC software releases, boot releases in a virtualized environment, perform inference against demonstration models, modify and debug the PCC software, download the binaries for each release, and more. Additionally, Apple is making the source code for several key PCC components publicly available on GitHub under a limited-use license for deeper investigation into the PCC’s security and privacy features.

Rewards up to $1 million available for PCC bug bounty program

Apple also announced that the Apple Security Bounty program now includes rewards for any security and privacy flaws discovered in the PCC platform, with the highest reward being a $1 million bounty for remote code execution flaws.

A $250,000 reward is also specified for the discovery of remote attacks that can access users’ requests or sensitive information about the requests outside the trust boundary. For attacks conducted from a privileged network position, Apple offers $150,000 for attacks that access users’ request data, $100,000 for flaws granting the ability to execute unattested code and $50,000 for any deployment or configuration issue that leads to accidental or unexpected data disclosure.

“Because we care deeply about any compromise to user privacy or security, we will consider any security issue that has a significant impact to PCC for an Apple Security Bounty reward, even if it doesn’t match a published category,” Apple stated. “We’ll evaluate every report according to the quality of what’s presented, the proof of what can be exploited, and the impact to users.”

Apple Intelligence is expected to launch publicly next week with the public releases of iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1. The feature will only be available on devices with the necessary hardware capabilities, including the iPhone 15 Pro, iPhone 16, iPads with an A17 Pro chip, M1 chip or later, and Mac computers with an M1 chip or later.
