Google’s AI-powered cybersecurity agent, Big Sleep, has been acknowledged by Apple for finding five critical vulnerabilities in the WebKit component of the Safari web browser. It could lead to browser crashes or memory corruption if exploited. Thus, it’s indeed an alarming sign for Apple to address vulnerabilities, and it is actively addressing the issues through bounds checking, memory handling, and state management.
Following are the vulnerabilities identified by Google:
CVE-2025-43429: Mainly an issue in buffer overflow that can cause an unexpected process to crash during processing maliciously curated web content. Can be fixed with improved bounds checking.
CVE-2025-43430: This is a sudden vulnerability that can result in an unexpected process crash while processing malicious online content (resolved with better state management).
CVE-2025-43431 & CVE-2025-43433: These are the two vulnerabilities that aren’t specified that can lead to memory corruption when processing malicious web content. It can be addressed by improving memory handling.
CVE-2025-43434: A use-after free flaw that saves Safari from crashing while handling malicious web content through improvement in state management.
Fixes Across Different Platforms
Apple has started releasing patches for the above vulnerabilities on Monday. To address the concerns, Apple has shared updates for the following devices and operating systems:
- iPhone 11 and later, iPad Pro 11-inch 1st generation and beyond, iPad Air 3rd generation and beyond
- macOS Tahoe 26.1: Macs that is running macOS Tahoe
- TvOS 26.1: Apple TV 4k, 2nd generation and beyond
- watchOS 26.1: Apple Watch Series 6 and later
- Safari 26.1: Macs running MacOS Sonoma and macOS Sequoia
- IOS 26.1 and iPadOS 26.1: iPhone
Developed in collaboration by Google DeepMind and Project Zero, Big Sleep, earlier known as Project Naptime, uses Large Language Models (LLMs), neural code reasoning, and automated fuzzing to identify vulnerabilities at scale.
Some of the identified flaws include memory corruption, use-after-free issues, and buffer overflow. A few months back, Big Sleep also discovered a security flaw in SQLite (CVE-2025-6965) and a Chrome V8 engine vulnerability (CVE-2025-9132).
Even though there is no evidence that the Safari vulnerabilities have been exploited in the wild, it is always better to implement proper security practices to avoid malicious vulnerabilities. Considering this, experts suggest regularly updating devices to confirm high security and safeguard against the threats detected by powerful AI agents.
We keep you updated with all the trending news. Visit us here to learn more!
Recommended For You:
Are Google AI Overviews Destroying Your Website Traffic Here’s the Truth
