Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google’s AI-powered security agent, Big Sleep, identified five zero-day vulnerabilities in Apple’s Safari WebKit, leading to urgent patches across iOS, macOS, and other Apple platforms. The flaws could enable remote code execution or memory corruption if exploited.

Why This Matters

Automated AI systems like Big Sleep highlight the gap between idealized security models and real-world software complexity. WebKit’s widespread use makes even minor flaws high-impact: memory corruption vulnerabilities can be exploited for arbitrary code execution, with potential costs measured in billions of affected devices and data breaches. Apple’s rapid patching underscores the scale of risk these flaws pose.

Key Insights

• “Five critical WebKit flaws (CVE-2025-43429–43434) patched in Apple’s 2025-11-04 updates”: https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html
• “AI-driven vulnerability detection outperforms manual methods for scale, but requires human validation to avoid false positives”: https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html
• “Big Sleep (formerly Project Naptime) used by Google Project Zero to identify SQLite flaw (CVE-2025-6965) earlier this year”: https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

Practical Applications

• Use Case: Apple’s WebKit team uses AI-assisted tools to prioritize high-risk vulnerabilities in browser rendering engines.
• Pitfall: Over-reliance on AI without manual code review may miss edge-case exploits in complex systems like WebKit.

References:

• https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html