- Microsoft finds macOS security bug which could allow threat actors to pull sensitive data from Apple Intelligence
- “Sploitlight” revolves around Spotlight plugins
- It was fixed in macOS Sequoia 15.4, so users should upgrade now
Microsoft has revealed details of a security vulnerability in macOS which allowed threat actors to steal sensitive information from the Apple Intelligence AI tool.
In a blog post, Microsoft said it found a bug that bypasses Transparency, Consent, and Control (TCC) mechanisms found on macOS devices. TCC is a security and privacy framework that restricts access to sensitive user data and system features.
The bug, tracked as CVE-2025-31199, could allow hackers to access files in the Downloads folder, as well as caches utilized by Apple Intelligence. Microsoft dubbed the vulnerability “Sploitlight” since it abuses Spotlight plugins, but says it is more dangerous than previous TCC bypasses such as HM-Surf, or powerdir.
“Severe implications”
“The implications of this vulnerability are more severe due to its ability to extract and leak sensitive information cached by Apple Intelligence, such as precise geolocation data, photo and video metadata, face and person recognition data, search history and user preferences, and more,” Microsoft explained.
“These risks are further complicated and heightened by the remote linking capability between iCloud accounts, meaning an attacker with access to a user’s macOS device could also exploit the vulnerability to determine remote information of other devices linked to the same iCloud account.”
Spotlight plugins are used to index files for macOS search. Despite these plugins running in a sandboxed environment, they still have privileged access to scanned files, meaning attackers can modify plugin metadata to target specific file types.
By logging file contents during indexing, attackers can exfiltrate data without needing TCC permissions.
Apple says fixed the flaw in March 2025, through patches for macOS Sequoia 15.4. On NVD, the patch is described as providing “improved data redaction”. Microsoft said that Defender for Endpoint now detects “suspicious” .mdimporter installations, and unusual indexing of sensitive directories.
Via BleepingComputer