Google's AI Discovers New Vulnerabilities in Apple's Safari WebKit

Published: November 04, 2025
Category: Technology

Full Transcript

Google's AI-powered cybersecurity agent, Big Sleep, has identified five new vulnerabilities in Apple's Safari WebKit component. These flaws, if exploited, could lead to browser crashes or memory corruption.

According to The Hacker News, the vulnerabilities are classified under various Common Vulnerabilities and Exposures identifiers. CVE-2025-43429 details a buffer overflow vulnerability that may cause an unexpected process crash when handling maliciously crafted web content.

This issue has been addressed with improved bounds checking. Another vulnerability, CVE-2025-43430, is also a buffer overflow that could result in a similar crash, and it has been mitigated through enhanced state management.

CVE-2025-43431 and CVE-2025-43433 are two unspecified vulnerabilities that may lead to memory corruption, also remedied by improved memory handling techniques. Lastly, CVE-2025-43434 refers to a use-after-free vulnerability that could lead to unexpected crashes in Safari, which has been addressed through state management improvements.

Apple released patches for these vulnerabilities on Monday as part of its updates for iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. Users are encouraged to update their devices to ensure optimal protection, even though none of the vulnerabilities have been reported as exploited in the wild at this time.

Big Sleep, previously known as Project Naptime, was launched by Google last year, in collaboration with DeepMind and Google Project Zero, to automate the vulnerability discovery process. Earlier this year, it identified a security flaw in SQLite, highlighting the tool's capability to enhance cybersecurity measures.

This development underscores the increasing role of AI in identifying and addressing security threats in software applications, showcasing a significant advancement in cybersecurity technology.
