Apple has expanded its bug bounty program by doubling the maximum reward to $2 million for reporting zero-click remote compromise vulnerabilities, with potential payouts exceeding $5 million through bonuses. The program, which has awarded $35 million since its inception in 2020, also introduces new categories and increased rewards for various types of attacks, aiming to incentivize security researchers to report critical vulnerabilities. Additionally, Apple plans to distribute secured iPhone 17 devices to civil society organizations at risk of spyware attacks in 2026.

Apple has released urgent security updates to address two zero-day vulnerabilities, CVE-2025-31200 and CVE-2025-31201, that were exploited in sophisticated attacks on specific iPhone users. These vulnerabilities affect multiple Apple operating systems and devices, including iOS and macOS, and users are strongly urged to install the updates promptly to safeguard their devices. Since the beginning of the year, Apple has remedied five zero-day vulnerabilities.