Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit
Google's artificial intelligence (AI)-powered cybersecurity agent called Big Sleep has been credited by Apple for discovering as many as five different security flaws in the WebKit component used in its Safari web browser that, if successfully exploited, could result in a browser crash or memory corruption. The list of vulnerabilities is as follows - CVE-2025-43429 - A buffer overflow
AI Analysis
Technical Summary
Google's AI-powered cybersecurity agent, Big Sleep, has identified five distinct security vulnerabilities in the WebKit rendering engine used by Apple's Safari browser. These vulnerabilities include a buffer overflow (CVE-2025-43429), a use-after-free (CVE-2025-43434), and three other unspecified flaws that can lead to memory corruption or unexpected process crashes when processing maliciously crafted web content. The buffer overflow vulnerability could cause an unexpected crash due to improper bounds checking, while the use-after-free flaw arises from improper state management. The other vulnerabilities also relate to memory handling and state management issues.
Apple addressed these vulnerabilities in its 26.1 updates for iOS, iPadOS, macOS Tahoe, tvOS, watchOS, visionOS, and the Safari browser on macOS Sonoma and Sequoia. Affected devices include iPhone 11 and later, various iPad models, Macs running the latest OS versions, Apple TV 4K (2nd generation and later), Apple Watch Series 6 and later, and Apple Vision Pro.
The vulnerabilities do not require authentication but do require the victim to process malicious web content, typically by visiting a crafted webpage. No active exploitation has been reported. Big Sleep, developed by Google in collaboration with DeepMind and Project Zero, uses AI to automate vulnerability discovery, demonstrating the growing role of AI in proactive security research. Although these vulnerabilities currently have a low severity rating, they represent potential vectors for denial of service or memory corruption attacks if exploited.
Potential Impact
For European organizations, these vulnerabilities pose risks primarily to the confidentiality, integrity, and availability of systems running Safari or WebKit-based browsers on Apple devices. Exploitation could lead to browser crashes causing denial of service, and memory corruption could potentially be leveraged for more severe attacks such as arbitrary code execution, although no such exploits have been reported yet. Organizations relying heavily on Apple ecosystems—such as enterprises using iPhones, iPads, and Macs—may experience operational disruptions if users visit malicious websites exploiting these flaws. Critical sectors like finance, healthcare, and government agencies using Safari for web access could face increased risk of targeted attacks or service interruptions. Additionally, the widespread use of Apple devices in Europe means that unpatched systems could be a vector for broader attack campaigns. The fact that these vulnerabilities were discovered by AI highlights the increasing sophistication of vulnerability detection, emphasizing the need for timely patch management. Failure to update could expose organizations to emerging threats as attackers develop exploits based on these flaws.
Mitigation Recommendations
European organizations should immediately prioritize deploying the Apple 26.1 updates across all affected platforms, including iOS, iPadOS, macOS Tahoe, tvOS, watchOS, visionOS, and Safari browser versions. Beyond patching, organizations should implement network-level protections such as web filtering to block access to known malicious sites and employ endpoint detection and response (EDR) solutions capable of monitoring abnormal browser behavior indicative of exploitation attempts. Security teams should conduct audits to identify all Apple devices in their environment and verify patch status. User awareness training should emphasize caution when browsing unknown or untrusted websites. Additionally, organizations can enable sandboxing and strict content security policies to limit the impact of potential browser exploits. Monitoring threat intelligence feeds for any emerging exploit activity related to these CVEs is recommended to respond swiftly to new developments. Finally, integrating AI-driven vulnerability management tools could help detect and remediate similar issues proactively in the future.
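The patch-status audit recommended above can be scripted against a device inventory export. The following is an added example, not part of the original analysis: the CSV column names and the sample rows are constructed, and the macOS major-version mapping (Sonoma 14, Sequoia 15, Tahoe 26) is supplied here rather than taken from the page. It handles the case where Sonoma and Sequoia Macs are fixed by the Safari 26.1 update rather than by an OS update.

```python
import csv
import io

FIXED = (26, 1)  # release this page names as containing the WebKit fixes
# Platforms the page lists as fixed by their own 26.1 OS update.
OS_PATCHED = {"iOS", "iPadOS", "tvOS", "watchOS", "visionOS"}
# macOS majors: Tahoe ships the fix in the OS; Sonoma/Sequoia get it via Safari.
MACOS_TAHOE, MACOS_SAFARI_ONLY = 26, {14, 15}

# Constructed sample inventory export (hypothetical hosts and column names).
SAMPLE = """hostname,platform,os_version,safari_version
iphone-fin-01,iOS,26.0.1,
ipad-hr-07,iPadOS,26.1,
mbp-dev-12,macOS,26.1,26.1
mbp-dev-13,macOS,15.7.1,26.0
imac-lab-02,macOS,14.8,26.1
atv-lobby,tvOS,18.6,
mbp-old-01,macOS,13.7,18.6
"""

def parse(v):
    """'26.0.1' -> (26, 0, 1); empty or malformed -> None."""
    try:
        return tuple(int(p) for p in v.strip().split("."))
    except ValueError:
        return None

def status(row):
    """Classify one inventory row against the 26.1 fix level."""
    os_v, safari_v = parse(row["os_version"]), parse(row["safari_version"])
    if os_v is None:
        return "unknown"
    if row["platform"] in OS_PATCHED:
        return "patched" if os_v >= FIXED else "needs-os-update"
    if row["platform"] == "macOS":
        if os_v[0] >= MACOS_TAHOE:
            return "patched" if os_v >= FIXED else "needs-os-update"
        if os_v[0] in MACOS_SAFARI_ONLY:
            if safari_v is None:
                return "unknown"  # Safari version missing from the export
            return "patched" if safari_v >= FIXED else "needs-safari-update"
        return "unsupported"  # not covered by the releases this page lists
    return "unknown"

def audit(text):
    """Return {hostname: status} for every row in the CSV text."""
    return {r["hostname"]: status(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, st in audit(SAMPLE).items():
        print(f"{host:15} {st}")
```

Rows reported as `unknown` or `unsupported` need manual follow-up, since the export either lacks a version or the device is outside the releases listed here.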
Affected Countries
United Kingdom, Germany, France, Netherlands, Sweden, Norway, Denmark, Finland, Ireland, Switzerland
Technical Details
- Article Source: https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html (fetched 2025-11-05T02:28:31.378Z; word count: 967)
Threat ID: 690ab65816b8dcb1e3e70744
Added to database: 11/5/2025, 2:28:40 AM
Last enriched: 11/5/2025, 2:30:33 AM
Last updated: 11/5/2025, 1:48:31 PM