Microsoft has detailed a serious macOS vulnerability that could allow malicious apps to bypass system privacy protections. Dubbed “Sploitlight,” the flaw exploited how Spotlight indexes plugin data to access sensitive files and Apple Intelligence metadata. Apple addressed the issue in macOS in March, but users on older versions could be at risk.
Microsoft alerted Apple to the exploit upon discovery, leading to its fix in macOS earlier this year. From Microsoft’s security blog:
Microsoft Threat Intelligence has discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as files in the Downloads folder, as well as caches utilized by Apple Intelligence. While similar to prior TCC bypasses like HM-Surf and powerdir, the implications of this vulnerability, which we refer to as “Sploitlight” for its use of Spotlight plugins, are more severe due to its ability to extract and leak sensitive information cached by Apple Intelligence, such as precise geolocation data, photo and video metadata, face and person recognition data, search history and user preferences, and more. These risks are further complicated and heightened by the remote linking capability between iCloud accounts, meaning an attacker with access to a user’s macOS device could also exploit the vulnerability to determine remote information of other devices linked to the same iCloud account.
Now that the fix has been out for a few months, Microsoft is revealing the “Sploitlight” exploit it discovered. Here’s a summary of what happened:
The exploit targeted macOS’s Spotlight search and its metadata indexing process.
Malicious apps dropped specially crafted plugins in user-writable directories.
Spotlight would index these plugins, triggering execution without user interaction.
This allowed access to protected locations like Downloads and Safari data.
Apple Intelligence cache metadata could also be read due to weak TCC enforcement.
The exploit bypassed Transparency, Consent, and Control (TCC) protections through a design flaw.
Microsoft points to the fix that arrived at the end of March.
Apple released a fix for this vulnerability, now identified as CVE-2025-31199, as part of security updates for macOS Sequoia, released on March 31, 2025. We thank the Apple security team for their collaboration in addressing this vulnerability and encourage macOS users to apply these security updates as soon as possible.
Users are advised to update to the latest version of macOS to ensure they’re protected from this vulnerability. Microsoft provides full technical details in its research post, including a demo of the exploit in action.
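For defenders who want to check a Mac for unexpected Spotlight plugins in a user-writable location, the following Python script is an added example, not code from Microsoft's post or from this article. It assumes that per-user importers are *.mdimporter bundles under ~/Library/Spotlight and that each bundle lists the file types it handles in its Info.plist; the function names and the "no signature file" heuristic are this example's own.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption (not stated on this page): per-user Spotlight importers are
# *.mdimporter bundles under ~/Library/Spotlight, a user-writable location.
USER_IMPORTER_DIR = Path.home() / "Library" / "Spotlight"


def declared_types(info):
    """Collect the content types (UTIs) the importer asks Spotlight to hand it."""
    types = set()
    for doc in info.get("CFBundleDocumentTypes", []):
        if isinstance(doc, dict):
            types.update(doc.get("LSItemContentTypes", []))
    return sorted(types)


def audit_importers(root=USER_IMPORTER_DIR):
    """Return one finding per importer bundle under root (hypothetical helper)."""
    findings = []
    if not root.is_dir():
        return findings
    for bundle in sorted(root.glob("*.mdimporter")):
        contents = bundle / "Contents"
        finding = {"bundle": bundle.name, "bundle_id": None, "types": [], "error": None}
        # Heuristic: a bundle with no CodeResources file was never signed.
        # Presence proves nothing; confirm with `codesign --verify` on macOS.
        finding["has_signature"] = (contents / "_CodeSignature" / "CodeResources").is_file()
        try:
            with open(contents / "Info.plist", "rb") as fh:
                info = plistlib.load(fh)
            if not isinstance(info, dict):
                raise ValueError("plist root is not a dictionary")
            finding["bundle_id"] = info.get("CFBundleIdentifier")
            finding["types"] = declared_types(info)
        except (OSError, ValueError, ExpatError, plistlib.InvalidFileException) as exc:
            finding["error"] = f"unreadable Info.plist: {exc}"
        # Anything unsigned or unparseable in a user-writable plugin folder
        # deserves a manual look.
        finding["review"] = finding["error"] is not None or not finding["has_signature"]
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in audit_importers():
        print(f)
```

A finding with "review" set to True is only a prompt to inspect the bundle by hand; a legitimate third-party importer can trip it, and a signed bundle is not thereby proven benign.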