
Microsoft Reveals Critical Security Flaw Affecting macOS's Spotlight




A recently discovered macOS flaw could allow a malicious actor to bypass the system's privacy protections and acquire sensitive user data. The vulnerability was uncovered by Microsoft's Threat Intelligence team.

The vulnerability affects Apple's Transparency, Consent, and Control (TCC) framework, which governs which private data an app may access. It is tied to Spotlight, the built-in macOS file search feature, which relies on importer plugins to index files.

Spotlight plugins have enough privilege to access certain protected locations even though they run in a sandbox. Microsoft's advisory warns that an adversary could "misuse" a Spotlight plugin to bypass the TCC protections on data stored in areas with stricter privacy restrictions, such as the Downloads folder or sensitive Apple Intelligence caches.

The researchers also released a proof-of-concept tool, called "Sploitlight", that shows how files could be exposed, including photos, media metadata, and even deleted items in the Photos app. For photos, that metadata can include GPS coordinates, timestamps, and device information.

Although such exposure would usually be indirect and unintentional, a misused plugin could also reach private data stored in Apple Intelligence caches, such as AI-generated summaries of email messages and notes. The vulnerability was assigned CVE-2025-31199, and Apple patched it in macOS Sequoia 15.4, released in March 2025.
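The article names the fixed release (Sequoia 15.4) and the attack surface (Spotlight importer plugins). Below is an added defensive check, not from the article or from Microsoft's research, that a practitioner can run on a Mac: it compares the installed macOS version with the first fixed release and lists the non-Apple Spotlight importers registered on the host so they can be reviewed. It assumes only the stock sw_vers and mdimport tools. The sample mdimport -L output embedded in the script is constructed, and the assumed line format (one quoted .mdimporter path per line) is an assumption, as is treating every version below 15.4 as unpatched; the article does not say whether Apple backported the fix to older major releases, so check Apple's advisory for that.

```shell
#!/bin/sh
# Added defensive check for CVE-2025-31199 (Sploitlight). This is not code
# from the article or from Microsoft's research. Assumptions: the stock
# macOS tools sw_vers and mdimport exist, Sequoia 15.4 is the first fixed
# release, and anything older is treated as unpatched (verify backports
# against Apple's advisory).

FIXED_VERSION="15.4"

# version_ge A B: exit 0 when dotted version A is numerically >= B,
# comparing component by component; missing components count as 0.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 0
}

# is_patched VERSION: exit 0 when VERSION is at or past the fixed release.
is_patched() {
    version_ge "$1" "$FIXED_VERSION"
}

# third_party_importers: reads `mdimport -L` output on stdin and prints the
# importer bundle paths not shipped by Apple under /System, one per line.
# Assumed format: each registered importer appears as a quoted path.
third_party_importers() {
    grep -o '/[^"]*\.mdimporter' | grep -v '^/System/' | sort -u
}

# Constructed sample of `mdimport -L` output (not captured from a real host),
# used to demonstrate the filter when the script is not run on macOS.
SAMPLE_MDIMPORT='    "/System/Library/Spotlight/Image.mdimporter",
    "/Library/Spotlight/Example.mdimporter",
    "/Applications/Example.app/Contents/Library/Spotlight/Example.mdimporter",'

# report: prints the patch state of this host and the importers to review.
report() {
    if command -v sw_vers >/dev/null 2>&1; then
        ver=$(sw_vers -productVersion)
        if is_patched "$ver"; then
            echo "macOS $ver: CVE-2025-31199 fixed (>= $FIXED_VERSION)"
        else
            echo "macOS $ver: not at $FIXED_VERSION, treat as VULNERABLE and update"
        fi
        # mdimport logs its list via the system logger, so merge stderr.
        importers=$(mdimport -L 2>&1 | third_party_importers)
    else
        echo "Not macOS; showing the constructed sample instead"
        importers=$(printf '%s\n' "$SAMPLE_MDIMPORT" | third_party_importers)
    fi
    echo "Non-Apple Spotlight importers to review:"
    printf '%s\n' "${importers:-(none)}"
}

report
```

The version comparison is done per component rather than as a string so that 15.10 sorts after 15.4 and 15.4.1 counts as patched. The importer list is a review aid, not a verdict: a third-party importer is only a concern on an unpatched host, but knowing which ones are registered is what tells you what could have been indexing protected folders.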




