Microsoft has disclosed a new security vulnerability in macOS that could allow attackers to steal sensitive user data—including information handled by Apple Intelligence—without user consent. The flaw, named “Sploitlight,” leverages Spotlight plugins to bypass Apple’s Transparency, Consent, and Control (TCC) security framework.
What is Sploitlight?
The vulnerability, officially tracked as CVE-2025-31199, has been patched in macOS Sequoia 15.4, released in March 2025. Apple described the issue as a “logging problem” and addressed it by enhancing data redaction processes.
Despite TCC being designed to restrict app access to private data, Microsoft found that Spotlight plugins—due to their elevated privileges—could be exploited to sidestep those restrictions. This raises serious concerns about the integrity of data stored or processed by Apple Intelligence.
What Kind of Data Is at Risk?
The exposed information goes far beyond basic metadata. It may include highly sensitive data stored or cached by Apple Intelligence, such as:
- Photo and video metadata
- Precise GPS location data
- Face and person recognition data
- User activity and event context
- Photo albums and shared libraries
- Search history and user preferences
- Deleted photos and videos
- Data from other devices linked to the same iCloud account
Most concerning is that a compromise on one macOS device could potentially expose information from all iCloud-connected devices associated with that user.
Microsoft’s History with macOS Vulnerabilities
This is not the first time Microsoft has flagged critical flaws in macOS. In recent years, Microsoft researchers have discovered several major vulnerabilities, including:
- Shrootless (CVE-2021-30892): A SIP bypass used to install rootkits (2021)
- Migraine (CVE-2023-32369) and Achilles (CVE-2022-42821): Malware installation through apps that bypass Gatekeeper (2023)
- SIP Bypass (CVE-2024-44243): Loading malicious kernel extensions via third-party sources (2024)
These incidents show that macOS, despite its strong security reputation, remains vulnerable—especially as Apple integrates AI-powered features more deeply into the system.
What Should Users Do?
Apple already released a fix in macOS Sequoia 15.4, so we strongly recommend that users update their systems right away. Also, steer clear of unnecessary plugins or third-party software that attackers could exploit.
Sploitlight serves as a timely reminder that even well-secured operating systems can become vulnerable—especially as AI technologies like Apple Intelligence gain deeper access to user behavior and personal data.
Source: BleepingComputer – Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data