Microsoft has disclosed a severe macOS vulnerability that allowed malicious apps to bypass Apple’s privacy safeguards and access highly sensitive data—including metadata from Apple Intelligence. Dubbed “SploitLight,” the flaw took advantage of how Spotlight, macOS’s built-in search tool, indexes plugin data.
The exploit worked by dropping malicious Spotlight plugins into user-writable directories. Spotlight would automatically index these plugins and, crucially, execute them without user interaction. This allowed the attacker to bypass Apple’s Transparency, Consent, and Control (TCC) framework, which normally blocks unauthorised access to protected files like those in the Downloads folder or Safari cache.
But the bigger concern lies in what Microsoft uncovered next: attackers could also extract metadata cached by Apple Intelligence—Apple’s newly introduced AI system—such as photo and video tags, precise location data, face and person recognition info, search history, and user preferences. Microsoft noted that this sensitive metadata, if exfiltrated, could potentially map out a user’s habits and movements.
To make matters worse, the exploit could extend its reach to other Apple devices connected to the same iCloud account. By linking cached data across iCloud, an attacker could infer activity on iPhones, iPads, or other Macs tied to the victim’s profile.
Apple quietly patched the vulnerability, now tracked as CVE-2025-31199, in a security update rolled out on March 31, 2025, alongside macOS Sequoia. Microsoft only made the issue public now, after confirming the fix is in place. Users on older versions of macOS remain vulnerable and are strongly encouraged to update immediately.
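Because the exploit relied on Spotlight plugins placed in user-writable directories, a defender can inventory what is installed there. The following is an added example, not code from Microsoft or Apple: it assumes the per-user importer directory is `~/Library/Spotlight` (a path not named in this article) and reports each `.mdimporter` bundle with the content types it declares; `build_sample` creates constructed test data.

```python
import plistlib
from pathlib import Path

# Assumption: per-user Spotlight importers live in ~/Library/Spotlight.
USER_IMPORTER_DIR = Path.home() / "Library" / "Spotlight"

def declared_types(info):
    """Collect the content types (UTIs) an importer says it handles."""
    types = []
    for doc in info.get("CFBundleDocumentTypes", []):
        types.extend(doc.get("LSItemContentTypes", []))
    return types

def audit_importers(root):
    """Return one record per *.mdimporter bundle found directly under root."""
    findings = []
    if not root.is_dir():
        return findings
    for bundle in sorted(root.glob("*.mdimporter")):
        record = {"bundle": bundle.name, "bundle_id": None,
                  "types": [], "readable": False}
        try:
            with (bundle / "Contents" / "Info.plist").open("rb") as fh:
                info = plistlib.load(fh)
            record["bundle_id"] = info.get("CFBundleIdentifier")
            record["types"] = declared_types(info)
            record["readable"] = True
        except Exception:
            pass  # missing or malformed Info.plist: still report the bundle
        findings.append(record)
    return findings

def build_sample(root):
    """Constructed sample bundle so the audit can be exercised on any OS."""
    contents = root / "Example.mdimporter" / "Contents"
    contents.mkdir(parents=True)
    info = {"CFBundleIdentifier": "com.example.importer",
            "CFBundleDocumentTypes": [
                {"LSItemContentTypes": ["public.plain-text"]}]}
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump(info, fh)

if __name__ == "__main__":
    for rec in audit_importers(USER_IMPORTER_DIR):
        print(rec)
```

Any bundle in the output that the user or an installed application cannot account for, or whose `Info.plist` is unreadable, is worth investigating.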