Sploitlight: macOS Vulnerability Exposes Apple Intelligence Data
Microsoft Threat Intelligence has uncovered a macOS vulnerability, dubbed “Sploitlight,” that could allow attackers to bypass Apple’s Transparency, Consent, and Control (TCC) safeguards and access highly sensitive user data. By exploiting Spotlight plugins, attackers could extract protected files from directories such as Downloads and Pictures, including caches created by Apple Intelligence. These caches may contain precise geolocation data, photo and video metadata, face recognition tags, search history, and user preferences. The impact also extends to other devices linked to the same iCloud account, raising the risk of attackers accessing remote data from those Apple devices.
Apple addressed the flaw—tracked as CVE-2025-31199—in macOS Sequoia updates released March 31, 2025. Microsoft coordinated disclosure under its Security Vulnerability Research program, and both companies emphasized the urgency of applying security patches. The report underscores the growing threat of TCC bypasses, which blur the boundary between protected system processes and third-party plugins. Microsoft Defender for Endpoint now includes enhanced detection to prevent such attacks, highlighting the importance of proactive defence and industry collaboration to protect user privacy against increasingly sophisticated macOS threats.
