Google Big Sleep found five vulnerabilities in Safari
好的,我现在需要帮用户总结这篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,抓住主要信息。 文章提到Google的Big Sleep AI帮助苹果发现了Safari浏览器中的五个WebKit漏洞。这些漏洞可能导致浏览器崩溃或内存损坏。接着,文章列出了具体的CVE编号和修复措施,还提到苹果已经发布了多个系统的更新来修复这些问题。此外,Google在8月也用Big Sleep修复了Chrome的一个高危漏洞。 用户的要求是用中文总结,不超过100字,并且不需要特定的开头。所以我要提炼出关键点:Big Sleep发现漏洞、影响、修复措施和相关更新。 现在我需要把这些信息浓缩成一句话,确保涵盖所有重要方面,同时保持简洁明了。 </think> Google的AI工具Big Sleep协助发现Safari浏览器中的五个WebKit漏洞,可能导致崩溃或内存损坏。苹果已通过更新修复这些问题。 2025-11-4 11:53:51 Author: securityaffairs.com(查看原文) 阅读量:3 收藏

Google Big Sleep found five vulnerabilities in Safari

Pierluigi Paganini November 04, 2025

Google’s AI agent, Big Sleep, helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption.

Google’s AI agent Big Sleep helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption if exploited.

Big Sleep is an AI agent developed by Google DeepMind and Project Zero to automate the discovery of real-world software vulnerabilities.

Below is the list of vulnerabilities identified by Google:

  • CVE-2025-43434: A use-after-free flaw that could cause Safari to crash when handling malicious web content. Fixed through improved state management.
  • CVE-2025-43429: A buffer overflow issue that might trigger a process crash with crafted web content. Resolved via better bounds checking.
  • CVE-2025-43430: An unspecified bug that could cause unexpected crashes when processing malicious input. Fixed with enhanced state management.
  • CVE-2025-43431 & CVE-2025-43433: Two unspecified vulnerabilities that could result in memory corruption while processing malicious content. Addressed through improved memory handling.

None of the above vulnerabilities has been actively exploited in attacks in the wild.

Apple released the following updates to address the issues:

  • iOS 26.1 and iPadOS 26.1 – iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.1 – Macs running macOS Tahoe
  • tvOS 26.1 – Apple TV 4K (2nd generation and later)
  • visionOS 26.1 – Apple Vision Pro (all models)
  • watchOS 26.1 – Apple Watch Series 6 and later
  • Safari 26.1 – Macs running macOS Sonoma and macOS Sequoia

In August, Google released Chrome 139 to address a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8 that was discovered by Big Sleep AI.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Big Sleep AI)


文章来源: https://securityaffairs.com/184184/security/google-big-sleep-found-five-vulnerabilities-in-safari.html
如有侵权请联系:admin#unsafe.sh