Vulnerability Management, Data Security, Endpoint/Device Security, Exposure management

Microsoft discloses ‘Sploitlight’ security flaw in macOS

Open finder app in macOs

Microsoft Threat Intelligence reported discovering a macOS flaw that could let attackers steal private data of files normally protected by transparency, consent, and control (TCC), a bug that if exploited could let attackers bypass TCC and leak sensitive information cached by Apple Intelligence.

In its July 28 blog post, Microsoft said the flaw, dubbed "Sploitlight" for its use of Spotlight plugins, could expose a broad swath of information, including precise geolocation data, photo and video metadata, face an person recognition data, search history, and user preferences.

Attakers with access to a user’s macOS device could also exploit the flaw to determine remote information of other devices linked to the victim’s iCloud account.

Apple released a fix for the logging flaw, CVE-2025-31199, as part of security updates for macOs Sequoia, released on March 31, 2025.

Shane Barney, chief information security officer at Keeper Security, explained that the Sploitlight vulnerability shows how even well-established privacy frameworks like Apple’s TCC can be circumvented through overlooked system components.

Barney said in this case, attackers exploited Spotlight plugins to access highly sensitive user data, including Apple Intelligence cache files, geolocation history, media metadata and face recognition details. Because this metadata syncs across iCloud-linked devices, compromising one Mac could expose information from a user’s entire device ecosystem.

“This incident serves as an important reminder that built-in operating system protections alone aren’t enough to secure today’s environments,” said Barney. “Reducing risk requires a layered security approach that includes strong endpoint protection, limited administrative privileges and routine auditing for unauthorized or unsigned components.”

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds