Google’s artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption.
The list of vulnerabilities is as follows –
- CVE-2025-43429 – A buffer overflow vulnerability that may lead to an unexpected process crash when processing maliciously crafted web content (addressed through improved bounds checking)
- CVE-2025-43430 – An unspecified vulnerability that could result in an unexpected process crash when processing maliciously crafted web content (addressed through improved state management)
- CVE-2025-43431 & CVE-2025-43433 – Two unspecified vulnerabilities that may lead to memory corruption when processing maliciously crafted web content (addressed through improved memory handling)
- CVE-2025-43434 – A use-after-free vulnerability that may lead to an unexpected Safari crash when processing maliciously crafted web content (addressed through improved state management)
Patches for the shortcomings have been released by Apple on Monday as part of iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. The updates are available for the following devices and operating systems –
- iOS 26.1 and iPadOS 26.1 – iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
- macOS Tahoe 26.1 – Macs running macOS Tahoe
- tvOS 26.1 – Apple TV 4K (2nd generation and later)
- visionOS 26.1 – Apple Vision Pro (all models)
- watchOS 26.1 – Apple Watch Series 6 and later
- Safari 26.1 – Macs running macOS Sonoma and macOS Sequoia
Big Sleep, formerly called Project Naptime, is an AI agent launched by Google last year as part of a collaboration between DeepMind and Google Project Zero to enable automated vulnerability discovery.
Earlier this year, Google said the large language model (LLM)-assisted framework identified a security flaw in SQLite (CVE-2025-6965, CVSS score: 7.2) that it said was at “risk of being exploited” by malicious actors.
While none of the vulnerabilities listed in Monday’s security bulletins have been flagged as exploited in the wild, it’s always a good practice to keep devices updated to the latest version for optimal protection.
