Microsoft Threat Intelligence reported discovering a macOS flaw that could let attackers steal private data of files normally protected by transparency, consent, and control (TCC), a bug that if exploited could let attackers bypass TCC and leak sensitive information cached by Apple Intelligence.In its July 28 blog post, Microsoft said the flaw, dubbed "Sploitlight" for its use of Spotlight plugins, could expose a broad swath of information, including precise geolocation data, photo and video metadata, face an person recognition data, search history, and user preferences.Attakers with access to a user’s macOS device could also exploit the flaw to determine remote information of other devices linked to the victim’s iCloud account.Apple released a fix for the logging flaw, CVE-2025-31199, as part of security updates for macOs Sequoia, released on March 31, 2025.Shane Barney, chief information security officer at Keeper Security, explained that the Sploitlight vulnerability shows how even well-established privacy frameworks like Apple’s TCC can be circumvented through overlooked system components.Barney said in this case, attackers exploited Spotlight plugins to access highly sensitive user data, including Apple Intelligence cache files, geolocation history, media metadata and face recognition details. Because this metadata syncs across iCloud-linked devices, compromising one Mac could expose information from a user’s entire device ecosystem.“This incident serves as an important reminder that built-in operating system protections alone aren’t enough to secure today’s environments,” said Barney. “Reducing risk requires a layered security approach that includes strong endpoint protection, limited administrative privileges and routine auditing for unauthorized or unsigned components.”
Vulnerability Management, Data Security, Endpoint/Device Security, Exposure management
Microsoft discloses ‘Sploitlight’ security flaw in macOS

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



