Google’s synthetic intelligence (AI)-powered cybersecurity agent referred to as Huge Sleep has been credited by Apple for locating as many as 5 totally different safety flaws within the WebKit element utilized in its Safari net browser that, if efficiently exploited, might end in a browser crash or reminiscence corruption.
The record of vulnerabilities is as follows –
- CVE-2025-43429 – A buffer overflow vulnerability which will result in an sudden course of crash when processing maliciously crafted net content material (addressed by improved bounds checking)
- CVE-2025-43430 – An unspecified vulnerability that would end in an sudden course of crash when processing maliciously crafted net content material (addressed by improved state administration)
- CVE-2025-43431 & CVE-2025-43433 – Two unspecified vulnerabilities which will result in reminiscence corruption when processing maliciously crafted net content material (addressed by improved reminiscence dealing with)
- CVE-2025-43434 – A use-after-free vulnerability which will result in an sudden Safari crash when processing maliciously crafted net content material (addressed by improved state administration)
Patches for the shortcomings had been launched by Apple on Monday as a part of iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. The updates can be found for the next units and working programs –
- iOS 26.1 and iPadOS 26.1 – iPhone 11 and later, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad eighth technology and later, and iPad mini fifth technology and later
- macOS Tahoe 26.1 – Macs working macOS Tahoe
- tvOS 26.1 – Apple TV 4K (2nd technology and later)
- visionOS 26.1 – Apple Imaginative and prescient Professional (all fashions)
- watchOS 26.1 – Apple Watch Collection 6 and later
- Safari 26.1 – Macs working macOS Sonoma and macOS Sequoia
Huge Sleep, previously referred to as Challenge Naptime, is an AI agent launched by Google final 12 months as a part of a collaboration between DeepMind and Google Challenge Zero to allow automated vulnerability discovery.
Earlier this 12 months, Google mentioned the big language mannequin (LLM)-assisted framework recognized a safety flaw in SQLite (CVE-2025-6965, CVSS rating: 7.2) that it mentioned was at “danger of being exploited” by malicious actors.
Whereas not one of the vulnerabilities listed in Monday’s safety bulletins have been flagged as exploited within the wild, it is all the time a great apply to maintain units up to date to the newest model for optimum safety.
