Track cybersecurity events as they unfold. Sourced timelines, daily updates. Fast, privacy‑respecting. No ads, no tracking.

Apple 2026 Security Research Device Program Application Period Opens

1 unique source, 1 article

Summary

Apple has initiated the application period for the 2026 Security Research Device Program (SRDP). This program provides specially configured iPhones to eligible security researchers to facilitate iOS security analysis. The application period runs until October 31, 2025. Researchers with a proven track record in finding security issues on Apple platforms or other modern operating systems are eligible. Selected researchers receive iPhones with shell access, early software previews, and special tools for 12-month renewable loans. The program aims to enhance iOS security by leveraging the expertise of white hat hackers. Successful discoveries qualify for rewards under Apple's bug bounty program, which has historically offered significant payouts for critical vulnerabilities.

Timeline

  1. 04.09.2025 18:09 1 article · 25d ago

    2026 Apple Security Research Device Program Application Period Opens

    Apple has opened the application period for the 2026 Security Research Device Program (SRDP). Eligible security researchers can apply until October 31, 2025, to receive specially configured iPhones for iOS security analysis. The program provides shell access, early software previews, and special tools to aid research. Successful discoveries qualify for rewards under Apple's bug bounty program.

Similar Happenings

WhatsApp Zero-Day Exploited in Targeted Attacks

A zero-day vulnerability in WhatsApp (CVE-2025-55177) was exploited in targeted attacks against specific users, chained with a separate iOS flaw (CVE-2025-43300). The flaw allowed unauthorized users to trigger content processing from arbitrary URLs on targeted devices. WhatsApp patched the issue and notified affected users. Apple issued threat notifications to users targeted in mercenary spyware attacks, individuals singled out for their status or function, such as journalists, lawyers, activists, politicians, and senior officials. The notifications advise recipients to enable Lockdown Mode and seek emergency security assistance. Apple has sent threat notifications multiple times a year since 2021, alerting users in over 150 countries, including a fourth campaign in France in 2025. The attacks highlight the risks of chaining multiple vulnerabilities to compromise targets, emphasizing the need for comprehensive security measures. Apple introduced Memory Integrity Enforcement (MIE) in the latest iPhone models to combat memory corruption vulnerabilities. The number of U.S. investors in spyware and surveillance technologies has increased significantly.

Image I/O Framework Zero-Day Exploited in Targeted Attacks

The zero-day vulnerability CVE-2025-43300 in Apple's Image I/O framework was exploited in targeted attacks against specific individuals. The flaw, an out-of-bounds write issue, was used in combination with a WhatsApp zero-day flaw (CVE-2025-55177) in sophisticated attacks potentially involving nation-state actors or spyware activity. It was discovered by Apple security researchers and addressed with improved bounds checking. This is the seventh zero-day exploited in the wild that Apple has patched since the start of the year.

The vulnerability affects multiple iOS, iPadOS, and macOS versions and impacts both older and newer devices. Apple has backported fixes for CVE-2025-43300 to older versions, including iOS 16.7.12, iPadOS 16.7.12, iOS 15.8.5, and iPadOS 15.8.5. Affected devices include iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPhone 8, iPhone 8 Plus, iPhone X, iPad Air 2, iPad mini (4th generation), iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPod touch (7th generation), and Macs running macOS Sequoia, Sonoma, and Ventura. Users are advised to update promptly to mitigate potential ongoing attacks.

WhatsApp has also addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with the Apple flaw in targeted zero-day attacks. The WhatsApp vulnerability, CVE-2025-55177, is an insufficient authorization flaw in linked device synchronization messages. The flaw affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78. WhatsApp notified fewer than 200 users that they were targeted in an advanced spyware campaign over the last 90 days.