
Google’s artificial intelligence (AI)-powered cybersecurity agent, called Big Sleep, has been credited by Apple with discovering up to five different security flaws in the WebKit component used in the Safari web browser that, if successfully exploited, could cause the browser to crash or corrupt memory.
Here is the list of vulnerabilities:
CVE-2025-43429 – Buffer overflow vulnerability that could cause an unexpected process crash when processing maliciously crafted web content (resolved with improved bounds checking)
CVE-2025-43430 – Unspecified vulnerability that could cause an unexpected process crash when processing maliciously crafted web content (resolved with improved state management)
CVE-2025-43431 & CVE-2025-43433 – Two unspecified vulnerabilities that can cause memory corruption when processing maliciously crafted web content (resolved with improved memory handling)
CVE-2025-43434 – Use-after-free vulnerability that can cause an unexpected Safari crash when processing maliciously crafted web content (resolved with improved state management)

Patches for the flaws were released by Apple on Monday as part of iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. Updates are available for the following devices and operating systems:
iOS 26.1 and iPadOS 26.1 – iPhone 11 or later, iPad Pro 12.9 inch 3rd generation or later, iPad Pro 11 inch 1st generation or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later
macOS Tahoe 26.1 – macOS Tahoe
tvOS 26.1 – Apple TV 4K (2nd generation) or later
visionOS 26.1 – Apple Vision Pro (all models)
watchOS 26.1 – Apple Watch Series 6 or later
Safari 26.1 – Macs running macOS Sonoma and macOS Sequoia
Big Sleep (previously known as Project Naptime) is an AI agent launched by Google last year as part of a collaboration between DeepMind and Google Project Zero to enable automatic vulnerability detection.
Earlier this year, Google announced that its large language model (LLM)-assisted framework had identified a security flaw in SQLite (CVE-2025-6965, CVSS score: 7.2) that was “at risk of being exploited” by malicious parties.
None of the vulnerabilities listed in Monday’s bulletin have been reported to be exploited in the wild, but it is recommended that you keep your devices updated to the latest versions for optimal protection.
