On November 4, 2025, Google’s AI-driven cybersecurity agent, Big Sleep, discovered five vulnerabilities in Apple’s Safari WebKit component, potentially leading to browser crashes and memory corruption. The identified vulnerabilities include CVE-2025-43429, a buffer overflow issue; CVE-2025-43430, an unspecified crash risk; and two memory corruption vulnerabilities (CVE-2025-43431 & CVE-2025-43433). Additionally, CVE-2025-43434 involves a use-after-free vulnerability. Apple has released patches as part of iOS 26.1, iPadOS 26.1, and other operating systems to address these flaws. Supported devices include iPhone 11+, iPad Pro (various models), and Apple Watch Series 6+. Big Sleep, previously known as Project Naptime, was launched in 2024 to automate vulnerability discovery. Although these vulnerabilities are not currently exploited, users should ensure devices are updated to maintain cybersecurity. Keeping systems updated is crucial for optimal protection against potential attacks.
Source link
Share
Read more