AI/ML, Vulnerability Management

Apple Intelligence info exposed by macOS Sploitlight vulnerability

BleepingComputer reports that intrusions involving the recently addressed macOS logging flaw Sploitlight, tracked as CVE-2025-31199, could facilitate Transparency, Consent, and Control security framework evasion and Apple Intelligence cached data compromise.

Attackers could harness the Sploitlight vulnerability, which has been fixed in macOS Sequoia 15.4 released in March, to obtain precise geolocation data, photo and video metadata, user activity and event context, face and person recognition details, search histories and user preferences, shared libraries and photo albums, and erased media from targeted devices, according to an analysis from Microsoft. "These risks are further complicated and heightened by the remote linking capability between iCloud accounts, meaning an attacker with access to a user's macOS device could also exploit the vulnerability to determine remote information of other devices linked to the same iCloud account," said Microsoft. Such findings come after Microsoft was reported to have disclosed a quartet of System Integrity Protection bypass bugs impacting macOS systems.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds