Microsoft Discovers Major macOS Spotlight Flaw Allowing Unauthorized Access to Sensitive Data The Bridge Chronicle

“Sploitlight” Vulnerability Bypassed macOS Privacy Safeguards, Impacted Apple Intelligence Users; Fixed by Apple in March 2025

Pragati Chougule

A vulnerability in Apple’s macOS Spotlight search tool has been uncovered by Microsoft’s Threat Intelligence team. The flaw potentially exposed users’ most sensitive data to attackers until it was patched earlier this year. The vulnerability, officially tracked as CVE-2025-31199 and known as “Sploitlight,” highlights the evolving risks to user privacy in the age of AI-driven device features and cloud sync.


Microsoft researchers identified that custom Spotlight plugins could be crafted and placed in user-writable directories. Upon indexing, Spotlight would execute these plugins, unintentionally granting them access to protected locations, including files in the Downloads folder, Safari data, and, critically, caches generated by Apple Intelligence (AI-powered features across Apple devices).

Transparency, Consent, and Control (TCC) is a macOS security framework that ensures applications require user permission before accessing sensitive data such as location, photos, and microphone. However, “Sploitlight” exploited Spotlight plugins’ privileged access, effectively bypassing TCC and allowing unauthorized reads of information that should have remained secure.

This breadth of access represents one of the more severe cross-device risks macOS users have faced, raising concerns about potential privacy breaches, stalking, and misuse of AI-enhanced device intelligence.

Once alerted by Microsoft, Apple investigated and addressed the issue with a fix deployed in the macOS Sequoia 15.4 update at the end of March 2025. The update applied improved data redaction and strengthened how Spotlight handles and executes plugins, ensuring private directories and caches are no longer vulnerable to this method of attack.

There is currently no evidence that this vulnerability was exploited in the wild before Apple released the fix, as public disclosure only occurred after the patch became available. Both Apple and Microsoft have emphasized the importance of keeping macOS updated to the most recent version, especially for users with Apple Intelligence features or multiple Apple devices synced via iCloud.
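For defenders, the two checks implied above (is the 15.4 fix present, and are there Spotlight plugins sitting in a user-writable location) can be scripted. The following is an added example, not code from Microsoft, Apple, or this article; it assumes the per-user importer folder `~/Library/Spotlight` and the `.mdimporter` bundle extension, neither of which is named in the article.

```python
import plistlib
from pathlib import Path

# macOS Sequoia 15.4 is the fixed release named in the article.
FIXED_VERSION = (15, 4)

def is_patched(product_version: str) -> bool:
    """True if a macOS version string (e.g. from `sw_vers -productVersion`) is >= 15.4."""
    parts = tuple(int(p) for p in product_version.strip().split("."))
    return (parts + (0, 0))[:2] >= FIXED_VERSION

def find_user_importers(home: Path) -> list[dict]:
    """List Spotlight importer bundles under the user-writable importer folder.

    Assumption (not from the article): per-user plugins live in
    <home>/Library/Spotlight as *.mdimporter bundles.
    """
    root = home / "Library" / "Spotlight"
    findings = []
    if not root.is_dir():
        return findings
    for bundle in sorted(root.glob("*.mdimporter")):
        info = bundle / "Contents" / "Info.plist"
        bundle_id = None
        if info.is_file():
            try:
                with info.open("rb") as fh:
                    bundle_id = plistlib.load(fh).get("CFBundleIdentifier")
            except Exception:
                # A malformed plist is itself worth a closer look.
                bundle_id = "<unreadable Info.plist>"
        findings.append({
            "path": str(bundle),
            "bundle_id": bundle_id,
            "modified": bundle.stat().st_mtime,
        })
    return findings

if __name__ == "__main__":
    import platform
    version = platform.mac_ver()[0]  # empty string on non-macOS hosts
    if version:
        print(f"macOS {version}: fix present = {is_patched(version)}")
    for f in find_user_importers(Path.home()):
        print(f"review: {f['path']} (bundle id: {f['bundle_id']})")
```

Any bundle the script lists is only a candidate for review; legitimate applications can also install per-user importers.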
