macOS Spotlight Vulnerability Discovered by Microsoft

Microsoft Threat Intelligence found a Spotlight-related vulnerability that could allow attackers to steal private file data, outlining the issue in a blog post today. Microsoft's threat team is calling the exploit "Sploitlight" because it uses Spotlight plugins.

According to Microsoft, the vulnerability is a Transparency, Consent, and Control (TCC) bypass that can leak sensitive info cached by Apple Intelligence. Attackers could have used it to get precise location data, photo and video metadata, face recognition data from the Photo Library, search history, AI email summaries, user preferences, and more.

TCC is designed to keep apps from accessing personal information without user consent. Spotlight plugins that allow app files to appear in search are sandboxed by Apple and heavily restricted from accessing sensitive files, but Microsoft found a way around that. Microsoft researchers tweaked the app bundles that Spotlight pulls in, leaking file contents.

Microsoft shared details of the bypass with Apple, and Apple addressed the issue in macOS 15.4 and iOS 15.4, updates that came out on March 31. The vulnerability was never actively exploited, because Apple was able to fix it before it was disclosed.

Apple's security support document for the update said that the problem was addressed through improved data redaction. Apple fixed two other vulnerabilities that were credited to Microsoft at the same time with improved validation of symlinks and improved state management.

Full information on how the exploit worked can be found on Microsoft's website.
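
A defender-side check for the two things the article names, the macOS 15.4 fix level and Spotlight plugins, as an added example that is not from the article or from Microsoft's write-up. It assumes user-installed Spotlight importers sit in ~/Library/Spotlight as .mdimporter bundles; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether this Mac is at the fixed release and
# inventory user-installed Spotlight importers with their signature state.
FIXED_MACOS="15.4"   # from the article: addressed in macOS 15.4

# version_ge A B: succeed when dotted version A >= B, compared field by field.
version_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x:-0}; y=${y:-0}            # a missing field counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac   # drop the leading field
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# list_importers DIR: print "<bundle path><TAB><signature state>" per importer.
list_importers() {
    dir=$1
    [ -d "$dir" ] || return 0
    for bundle in "$dir"/*.mdimporter; do
        [ -d "$bundle" ] || continue    # glob did not match, or not a bundle
        if ! command -v codesign >/dev/null 2>&1; then
            sig=unchecked               # codesign only exists on macOS
        elif codesign --verify --strict "$bundle" >/dev/null 2>&1; then
            sig=signed
        else
            sig=unsigned-or-invalid
        fi
        printf '%s\t%s\n' "$bundle" "$sig"
    done
}

audit() {
    if command -v sw_vers >/dev/null 2>&1; then
        current=$(sw_vers -productVersion)
        if version_ge "$current" "$FIXED_MACOS"; then
            echo "macOS $current: at or above $FIXED_MACOS"
        else
            echo "macOS $current: below $FIXED_MACOS, update needed"
        fi
    else
        echo "sw_vers not found: not a macOS host, skipping version check"
    fi
    # Assumption: per-user importers live here; review anything unexpected.
    list_importers "$HOME/Library/Spotlight"
}
audit
```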

Top Rated Comments

Roller
13 weeks ago
I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
Score: 22 Votes
carswell
13 weeks ago
Another reason to turn off Apple "Intelligence"! /s
Score: 13 Votes
Jerry Fritschle
13 weeks ago
Nice to know, but a click-baity headline. Skimmers will assume this is active.
Score: 11 Votes
johannnn
13 weeks ago
What's the news here? Every .x update includes security patches. And this was a .x release back in March lol
Score: 10 Votes
urmaster
13 weeks ago

> I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
I guess Microsoft followed responsible disclosure methods so it's quite right that we're only hearing about it after the patch is widely deployed.
Score: 7 Votes
goonie4life9
13 weeks ago
Not to worry, everyone, because Apple was able to fix this before it ever affected a single customer. Apple was able to do this because of their best-in-class privacy, which only Apple can provide!
Score: 5 Votes