MUST READ

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

 | 

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

 | 

EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure

 | 

Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications

 | 

U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog

 | 

Brush exploit can cause any Chromium browser to collapse in 15-60 seconds

 | 

Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia

 | 

Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

 | 

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

 | 

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

 | 

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog

 | 

Google Big Sleep found five vulnerabilities in Safari

Pierluigi Paganini November 04, 2025

Google’s AI agent, Big Sleep, helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption.

Google’s AI agent Big Sleep helped Apple discover five WebKit flaws in Safari that could lead to browser crashes or memory corruption if exploited.

Big Sleep is an AI agent developed by Google DeepMind and Project Zero to automate the discovery of real-world software vulnerabilities.

Below is the list of vulnerabilities identified by Google:

  • CVE-2025-43434: A use-after-free flaw that could cause Safari to crash when handling malicious web content. Fixed through improved state management.
  • CVE-2025-43429: A buffer overflow issue that might trigger a process crash with crafted web content. Resolved via better bounds checking.
  • CVE-2025-43430: An unspecified bug that could cause unexpected crashes when processing malicious input. Fixed with enhanced state management.
  • CVE-2025-43431 & CVE-2025-43433: Two unspecified vulnerabilities that could result in memory corruption while processing malicious content. Addressed through improved memory handling.

None of the above vulnerabilities has been actively exploited in attacks in the wild.

Apple released the following updates to address the issues:

  • iOS 26.1 and iPadOS 26.1 – iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
  • macOS Tahoe 26.1 – Macs running macOS Tahoe
  • tvOS 26.1 – Apple TV 4K (2nd generation and later)
  • visionOS 26.1 – Apple Vision Pro (all models)
  • watchOS 26.1 – Apple Watch Series 6 and later
  • Safari 26.1 – Macs running macOS Sonoma and macOS Sequoia

In August, Google released Chrome 139 to address a high-severity vulnerability, tracked as CVE-2025-9132, in its open source high-performance JavaScript and WebAssembly engine V8 that was discovered by Big Sleep AI.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Big Sleep AI)

AI Apple Big Sleep AI Hacking hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini November 04, 2025
Crooks exploit RMM software to hijack trucking firms and steal cargo
Read more
Pierluigi Paganini November 03, 2025
Jabber Zeus developer ‘MrICQ’ extradited to US from Italy
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google Big Sleep found five vulnerabilities in Safari

Security / November 04, 2025

Crooks exploit RMM software to hijack trucking firms and steal cargo

Cyber Crime / November 04, 2025

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

Cyber Crime / November 03, 2025

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

Security / November 03, 2025

Android Apps misusing NFC and HCE to steal payment data on the rise

Security / November 03, 2025