Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit
好的,我现在要帮用户总结这篇文章的内容。用户的要求是用中文,控制在100字以内,不需要特定的开头,直接写描述。首先,我需要通读整篇文章,抓住主要信息。 文章主要讲的是Google的AI工具Big Sleep发现了苹果Safari浏览器中的五个安全漏洞。这些漏洞可能导致浏览器崩溃或内存损坏。然后,苹果已经发布了补丁,修复了这些问题,并且提供了更新的设备列表。 接下来,我需要把这些信息浓缩到100字以内。要注意关键点:Big Sleep的作用、发现的漏洞数量、漏洞的影响、苹果的修复措施以及更新范围。 可能会遇到的问题是如何简洁地表达这些内容而不遗漏重要信息。比如,“buffer overflow”和“use-after-free”这样的技术术语可能需要简化为“内存溢出”和“释放后使用”。 最后,确保语言流畅自然,符合用户的要求。 </think> Google的AI工具Big Sleep发现苹果Safari浏览器中的5个安全漏洞,可能导致浏览器崩溃或内存损坏。苹果已通过iOS 26.1等系统更新修复这些问题,并建议用户及时更新设备以确保安全。 2025-11-4 08:10:0 Author: thehackernews.com(查看原文) 阅读量:6 收藏

Artificial Intelligence / Vulnerability

Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption.

The list of vulnerabilities is as follows -

  • CVE-2025-43429 - A buffer overflow vulnerability that may lead to an unexpected process crash when processing maliciously crafted web content (addressed through improved bounds checking)
  • CVE-2025-43430 - An unspecified vulnerability that could result in an unexpected process crash when processing maliciously crafted web content (addressed through improved state management)
  • CVE-2025-43431 & CVE-2025-43433 - Two unspecified vulnerabilities that may lead to memory corruption when processing maliciously crafted web content (addressed through improved memory handling)
  • CVE-2025-43434 - A use-after-free vulnerability that may lead to an unexpected Safari crash when processing maliciously crafted web content (addressed through improved state management)
CIS Build Kits

Patches for the shortcomings have been released by Apple on Monday as part of iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, watchOS 26.1, visionOS 26.1, and Safari 26.1. The updates are available for the following devices and operating systems -

  • iOS 26.1 and iPadOS 26.1 - iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.1 - Macs running macOS Tahoe
  • tvOS 26.1 - Apple TV 4K (2nd generation and later)
  • visionOS 26.1 - Apple Vision Pro (all models)
  • watchOS 26.1 - Apple Watch Series 6 and later
  • Safari 26.1 - Macs running macOS Sonoma and macOS Sequoia

Big Sleep, formerly called Project Naptime, is an AI agent launched by Google last year as part of a collaboration between DeepMind and Google Project Zero to enable automated vulnerability discovery.

Earlier this year, Google said the large language model (LLM)-assisted framework identified a security flaw in SQLite (CVE-2025-6965, CVSS score: 7.2) that it said was at "risk of being exploited" by malicious actors.

While none of the vulnerabilities listed in Monday's security bulletins have been flagged as exploited in the wild, it's always a good practice to keep devices updated to the latest version for optimal protection.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.


文章来源: https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html
如有侵权请联系:admin#unsafe.sh