Links
A security researcher has criticized Apple's macOS bug bounty program for significantly lowering payouts for certain vulnerabilities. Despite increasing rewards for high-profile exploits, many macOS categories now offer much smaller financial incentives, which could discourage researchers from reporting flaws.
Apple released security updates addressing 105 vulnerabilities in macOS 26.1 and 56 in iOS 26.1 and iPadOS 26.1. The updates fix flaws across multiple devices but lack detailed severity ratings, frustrating some security experts. No active exploitation of these vulnerabilities has been reported.
Apple has released updates for macOS and other platforms, addressing 19 security vulnerabilities in WebKit. These flaws could allow for various attacks, including data leaks and privilege escalation. The company reports no known active exploits of these vulnerabilities.
Apple has expanded its bug bounty program by doubling the maximum reward to $2 million for reporting zero-click remote compromise vulnerabilities, with potential payouts exceeding $5 million through bonuses. The program, which has awarded $35 million since its inception in 2020, also introduces new categories and increased rewards for various types of attacks, aiming to incentivize security researchers to report critical vulnerabilities. Additionally, Apple plans to distribute secured iPhone 17 devices to civil society organizations at risk of spyware attacks in 2026.
Apple has released urgent security updates to address two zero-day vulnerabilities, CVE-2025-31200 and CVE-2025-31201, that were exploited in sophisticated attacks on specific iPhone users. These vulnerabilities affect multiple Apple operating systems and devices, including iOS and macOS, and users are strongly urged to install the updates promptly to safeguard their devices. Since the beginning of the year, Apple has remedied five zero-day vulnerabilities.