
Critical macOS flaw could leak your Apple Intelligence secrets: Microsoft
What's the story
Microsoft has flagged a critical security flaw in macOS, one that could have given malicious apps access to highly sensitive user data. The vulnerability, dubbed "SploitLight," exploited the way Spotlight, the built-in search tool of macOS, indexes plugin data. It allowed attackers to bypass Apple's privacy safeguards and access metadata from Apple Intelligence (AI), including photo/video tags and precise location data.
Exploit details
How the SploitLight exploit worked
The SploitLight exploit worked by dropping malicious Spotlight plugins into user-writable directories. These plugins were automatically indexed and executed by Spotlight without any user interaction. This way, attackers could bypass Apple's Transparency, Consent, and Control (TCC) framework that usually prevents unauthorized access to protected files like those in the Downloads folder or Safari cache.
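For defenders, the mechanism above points to a simple audit: list the importer bundles sitting in the user-writable Spotlight directory and the file types each one claims to handle. The Python below is an added example, not code from Microsoft or Apple; it assumes the per-user location `~/Library/Spotlight` and the `.mdimporter` bundle extension, neither of which the article names, and the sample bundles it builds are constructed.

```python
import os
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumption: per-user Spotlight importers are *.mdimporter bundles in
# ~/Library/Spotlight (the article only says "user-writable directories").
USER_IMPORTER_DIR = Path(os.path.expanduser("~/Library/Spotlight"))

def audit_importers(root):
    """List every *.mdimporter bundle under root with the file types it claims."""
    findings = []
    root = Path(root)
    if not root.is_dir():
        return findings
    for bundle in sorted(root.glob("*.mdimporter")):
        finding = {"bundle": bundle.name, "bundle_id": None,
                   "content_types": [], "error": None}
        try:
            with (bundle / "Contents" / "Info.plist").open("rb") as fh:
                plist = plistlib.load(fh)
            if not isinstance(plist, dict):
                raise ValueError("top-level object is not a dictionary")
            finding["bundle_id"] = plist.get("CFBundleIdentifier")
            for doc in plist.get("CFBundleDocumentTypes", []):
                finding["content_types"] += doc.get("LSItemContentTypes", [])
        except (OSError, ValueError, ExpatError, AttributeError, TypeError) as exc:
            # A bundle without a readable manifest is itself worth reviewing.
            finding["error"] = f"Info.plist unreadable: {exc}"
        findings.append(finding)
    return findings

def constructed_sample():
    """Build a throwaway directory holding two constructed importer bundles."""
    root = Path(tempfile.mkdtemp())
    contents = root / "example.mdimporter" / "Contents"
    contents.mkdir(parents=True)
    manifest = {"CFBundleIdentifier": "com.example.constructed-importer",
                "CFBundleDocumentTypes": [{"LSItemContentTypes": ["public.data"]}]}
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump(manifest, fh)
    (root / "broken.mdimporter").mkdir()  # constructed bundle with no Info.plist
    return root

if __name__ == "__main__":
    for target in (USER_IMPORTER_DIR, constructed_sample()):
        for item in audit_importers(target):
            print(target, item)
```

Any bundle reported from the real directory that the user or an installed application cannot account for deserves a closer look.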
Data extraction
Exploit could extract cached data from Apple's AI system
Microsoft also revealed that the SploitLight exploit could be used by attackers to extract metadata cached by Apple Intelligence, Apple's new AI system. This included information such as photo/video tags, precise location data, face and person recognition info, search history and user preferences. The tech giant warned that this sensitive metadata could be used to track a user's habits and movements if exfiltrated.
Cross-device impact
Attackers could infer activity across other Apple devices too
The SploitLight exploit's impact wasn't limited to a single device. If an attacker had access to the same iCloud account, they could extend their reach to other Apple devices connected with it. By linking cached data across iCloud, an attacker could infer activity on iPhones, iPads or other Macs tied to the victim's profile.
Patch details
Apple has patched the underlying vulnerability
Apple quietly patched the SploitLight vulnerability, now tracked as CVE-2025-31199, in a security update on March 31, 2025. The patch was released with macOS Sequoia. Microsoft has only just gone public with this issue after confirming that the fix is in place. However, users running older versions of macOS are still at risk and are strongly advised to update their systems immediately.