Google's AI agent, Big Sleep, helped Apple discover five serious WebKit flaws in Safari that could lead to browser crashes or memory corruption if exploited.
Big Sleep is an AI agent developed jointly by Google DeepMind and Project Zero with the goal of automating the discovery of real world software vulnerabilities.
Vulnerabilities Identified
The vulnerabilities discovered by Google's AI agent include:
- CVE-2025-43434: A use after free flaw that could cause Safari to crash when malicious web content was handled. This issue was fixed through improved state management.
- CVE-2025-43429: A buffer overflow issue that might trigger a process crash when crafted web content was processed. Apple resolved this via better bounds checking.
- CVE-2025-43430: An unspecified bug that could cause unexpected crashes when processing malicious input. It was fixed with enhanced state management.
- CVE-2025-43431 & CVE-2025-43433: Two unspecified vulnerabilities that could result in memory corruption while processing malicious content. These were addressed through improved memory handling.
None of these vulnerabilities were actively exploited in attacks in the wild.
Apple's Updates
Apple released a wide range of updates to address these issues across its device ecosystem:
- iOS 26.1 and iPadOS 26.1 for iPhone 11 and later, and various iPad models.
- macOS Tahoe 26.1 for Macs running macOS Tahoe.
- tvOS 26.1 for Apple TV 4K (2nd generation and later).
- visionOS 26.1 for Apple Vision Pro (all models).
- watchOS 26.1 for Apple Watch Series 6 and later.
- Safari 26.1 for Macs running macOS Sonoma and macOS Sequoia.
This effort follows a similar instance in August, when Google released Chrome 139 to address a high severity vulnerability in its V8 engine that had also been discovered by the Big Sleep AI.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
