Google's advanced AI cybersecurity agent, dubbed 'Big Sleep,' has successfully identified five previously unknown vulnerabilities within Apple's WebKit, the rendering engine powering Safari. These discoveries, acknowledged by Apple, could have potentially led to browser crashes or memory corruption if exploited by malicious actors. The AI's contribution highlights the growing role of artificial intelligence in proactive cybersecurity.

Key Takeaways

• Google's AI 'Big Sleep' discovered five new vulnerabilities in Apple's Safari WebKit.

• The vulnerabilities could lead to browser crashes or memory corruption.

• Apple has released patches for these flaws in recent software updates.

• None of the vulnerabilities have been reported as exploited in the wild.

Vulnerabilities Identified

Big Sleep, a product of collaboration between Google DeepMind and Project Zero, is designed to automate the discovery of software vulnerabilities. The five flaws it uncovered in WebKit are:

• CVE-2025-43429: A buffer overflow vulnerability that could cause an unexpected process crash when handling malicious web content. This has been addressed through improved bounds checking.

• CVE-2025-43430: An unspecified vulnerability that might lead to an unexpected process crash when processing malicious web content. Improved state management was implemented to fix this.

• CVE-2025-43431 & CVE-2025-43433: Two unspecified vulnerabilities that could result in memory corruption when processing maliciously crafted web content. These were resolved with enhanced memory handling.

• CVE-2025-43434: A use-after-free vulnerability that could cause Safari to crash when processing malicious web content. This issue has been fixed through improved state management.

Apple's Response and Software Updates

Apple has promptly addressed these vulnerabilities by releasing comprehensive software updates. These patches are included in iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. The updates cover a wide range of Apple devices, including iPhones, iPads, Macs, Apple TVs, Apple Vision Pro, and Apple Watches.

Specifically, the updates are available for:

• iOS 26.1 and iPadOS 26.1: iPhone 11 and later, various iPad models (Pro, Air, standard, and mini) from specific generations onwards.

• macOS Tahoe 26.1: Macs running macOS Tahoe.

• tvOS 26.1: Apple TV 4K (2nd generation and later).

• visionOS 26.1: All Apple Vision Pro models.

• watchOS 26.1: Apple Watch Series 6 and later.

• Safari 26.1: Macs running macOS Sonoma and macOS Sequoia.

The Role of Big Sleep AI

Big Sleep, formerly known as Project Naptime, represents a significant advancement in AI-driven cybersecurity. Its ability to autonomously discover vulnerabilities not only helps companies like Apple secure their products but also potentially thwarts malicious actors who might be preparing to exploit such flaws. This AI agent has previously identified security issues in other software, including a flaw in SQLite earlier this year.

While Apple has confirmed that none of these newly patched WebKit vulnerabilities have been exploited in the wild, users are strongly advised to install the latest software updates to ensure their devices are protected against potential threats.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Google's AI 'Big Sleep' Finds 5 New Vulnerabilities in Apple's Safari WebKit, The Hacker News.

• Google Big Sleep found five vulnerabilities in Safari, Security Affairs.

• Apple Patches 19 WebKit Vulnerabilities, SecurityWeek.