Google’s synthetic intelligence (AI)-powered cybersecurity agent known as Large Sleep has been credited by Apple for locating as many as 5 completely different security flaws within the WebKit part utilized in its Safari internet browser that, if efficiently exploited, might lead to a browser crash or reminiscence corruption.
The record of vulnerabilities is as follows –
- CVE-2025-43429 – A buffer overflow vulnerability that will result in an surprising course of crash when processing maliciously crafted internet content material (addressed by way of improved bounds checking)
- CVE-2025-43430 – An unspecified vulnerability that would lead to an surprising course of crash when processing maliciously crafted internet content material (addressed by way of improved state administration)
- CVE-2025-43431 & CVE-2025-43433 – Two unspecified vulnerabilities that will result in reminiscence corruption when processing maliciously crafted internet content material (addressed by way of improved reminiscence dealing with)
- CVE-2025-43434 – A use-after-free vulnerability that will result in an surprising Safari crash when processing maliciously crafted internet content material (addressed by way of improved state administration)
Patches for the shortcomings have been launched by Apple on Monday as a part of iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. The updates can be found for the next units and working techniques –
- iOS 26.1 and iPadOS 26.1 – iPhone 11 and later, iPad Professional 12.9-inch third technology and later, iPad Professional 11-inch 1st technology and later, iPad Air third technology and later, iPad eighth technology and later, and iPad mini fifth technology and later
- macOS Tahoe 26.1 – Macs operating macOS Tahoe
- tvOS 26.1 – Apple TV 4K (2nd technology and later)
- visionOS 26.1 – Apple Imaginative and prescient Professional (all fashions)
- watchOS 26.1 – Apple Watch Sequence 6 and later
- Safari 26.1 – Macs operating macOS Sonoma and macOS Sequoia
Large Sleep, previously known as Venture Naptime, is an AI agent launched by Google final yr as a part of a collaboration between DeepMind and Google Venture Zero to allow automated vulnerability discovery.
Earlier this yr, Google stated the big language mannequin (LLM)-assisted framework recognized a security flaw in SQLite (CVE-2025-6965, CVSS rating: 7.2) that it stated was at “threat of being exploited” by malicious actors.
Whereas not one of the vulnerabilities listed in Monday’s security bulletins have been flagged as exploited within the wild, it is all the time a very good follow to maintain units up to date to the newest model for optimum safety.
