Nov 04, 2025Ravie LakshmananArtificial Intelligence / Vulnerability
Google’s synthetic intelligence (AI)-powered cybersecurity agent known as Massive Sleep has been credited by Apple for locating as many as 5 totally different safety flaws within the WebKit element utilized in its Safari net browser that, if efficiently exploited, may lead to a browser crash or reminiscence corruption.
The record of vulnerabilities is as follows –
CVE-2025-43429 – A buffer overflow vulnerability which will result in an sudden course of crash when processing maliciously crafted net content material (addressed via improved bounds checking)
CVE-2025-43430 – An unspecified vulnerability that would lead to an sudden course of crash when processing maliciously crafted net content material (addressed via improved state administration)
CVE-2025-43431 & CVE-2025-43433 – Two unspecified vulnerabilities which will result in reminiscence corruption when processing maliciously crafted net content material (addressed via improved reminiscence dealing with)
CVE-2025-43434 – A use-after-free vulnerability which will result in an sudden Safari crash when processing maliciously crafted net content material (addressed via improved state administration)
Patches for the shortcomings have been launched by Apple on Monday as a part of iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. The updates can be found for the next units and working methods –
iOS 26.1 and iPadOS 26.1 – iPhone 11 and later, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad eighth era and later, and iPad mini fifth era and later
macOS Tahoe 26.1 – Macs operating macOS Tahoe
tvOS 26.1 – Apple TV 4K (2nd era and later)
visionOS 26.1 – Apple Imaginative and prescient Professional (all fashions)
watchOS 26.1 – Apple Watch Sequence 6 and later
Safari 26.1 – Macs operating macOS Sonoma and macOS Sequoia
Massive Sleep, previously known as Venture Naptime, is an AI agent launched by Google final 12 months as a part of a collaboration between DeepMind and Google Venture Zero to allow automated vulnerability discovery.
Earlier this 12 months, Google stated the massive language mannequin (LLM)-assisted framework recognized a safety flaw in SQLite (CVE-2025-6965, CVSS rating: 7.2) that it stated was at “danger of being exploited” by malicious actors.
Whereas not one of the vulnerabilities listed in Monday’s safety bulletins have been flagged as exploited within the wild, it is all the time a very good follow to maintain units up to date to the newest model for optimum safety.
