macOS Spotlight Vulnerability Discovered by Microsoft

Microsoft Threat Intelligence found a Spotlight-related vulnerability that could allow attackers to steal private file data, outlining the issue in a blog post today. Microsoft's threat team is calling the exploit "Sploitlight" because it uses Spotlight plugins.

According to Microsoft, the vulnerability is a Transparency, Consent, and Control (TCC) bypass that can leak sensitive info cached by Apple Intelligence. Attackers could have used it to get precise location data, photo and video metadata, face recognition data from the Photo Library, search history, AI email summaries, user preferences, and more.

TCC is designed to keep apps from accessing personal information without user consent. Spotlight plugins (importers), the code that lets an app's file types show up in Spotlight search, are sandboxed by Apple and heavily restricted from accessing sensitive files, but Microsoft found a way around that: by modifying the importer plugin inside an app bundle, its researchers got Spotlight's indexer to run their code against the files it indexes and leak those files' contents.
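As a defender-side check, here is an added example (not code from Microsoft's write-up or from Apple) that inventories the Spotlight importers on a Mac and flags the two properties that matter for this class of bug: an importer bundle an unprivileged user can write to, and an importer that claims catch-all content types so Spotlight runs it against nearly every file it indexes. The directory list and the catch-all UTI set are assumptions for illustration; the two fixture bundles are constructed inline so the script runs anywhere, including off-Mac.

```python
import os
import plistlib
import tempfile
from dataclasses import dataclass

# Assumed locations to scan (typical macOS layout). Apps ship their own
# importers under <App>.app/Contents/Library/Spotlight, hence /Applications.
IMPORTER_ROOTS = [
    os.path.expanduser("~/Library/Spotlight"),
    "/Library/Spotlight",
    "/Applications",
]

# Assumed "catch-all" UTIs: an importer claiming these is asked to index
# almost every file Spotlight sees, not just its own document type.
CATCH_ALL_UTIS = {"public.item", "public.data", "public.content"}


@dataclass
class Importer:
    path: str
    bundle_id: str
    utis: tuple
    user_writable: bool

    @property
    def catch_all(self) -> bool:
        return bool(CATCH_ALL_UTIS & set(self.utis))

    @property
    def suspicious(self) -> bool:
        # Writable: a local user can swap in their own plugin code.
        # Catch-all: the indexer feeds the plugin far more than the app's files.
        return self.user_writable or self.catch_all


def parse_importer(bundle_path: str) -> Importer:
    """Read the importer's Info.plist and collect the UTIs it declares."""
    with open(os.path.join(bundle_path, "Contents", "Info.plist"), "rb") as fh:
        info = plistlib.load(fh)
    utis = set()
    for doc in info.get("CFBundleDocumentTypes", []):
        utis.update(doc.get("LSItemContentTypes", []))
    return Importer(
        path=bundle_path,
        bundle_id=info.get("CFBundleIdentifier", "<no identifier>"),
        utis=tuple(sorted(utis)),
        user_writable=os.access(bundle_path, os.W_OK),
    )


def find_importer_bundles(roots):
    """Yield every *.mdimporter directory under the given roots."""
    for root in roots:
        for dirpath, dirnames, _ in os.walk(root):
            for name in list(dirnames):
                if name.endswith(".mdimporter"):
                    yield os.path.join(dirpath, name)
                    dirnames.remove(name)  # do not descend into the bundle itself


def audit(roots=IMPORTER_ROOTS):
    """Return one Importer record per bundle found; unreadable plists are kept, not dropped."""
    results = []
    for bundle in find_importer_bundles(roots):
        try:
            results.append(parse_importer(bundle))
        except (OSError, plistlib.InvalidFileException):
            results.append(Importer(bundle, "<unreadable>", (), os.access(bundle, os.W_OK)))
    return results


def write_fake_importer(root, name, bundle_id, utis):
    """Constructed fixture: a bare .mdimporter bundle containing only an Info.plist."""
    contents = os.path.join(root, name + ".mdimporter", "Contents")
    os.makedirs(contents)
    info = {
        "CFBundleIdentifier": bundle_id,
        "CFBundleDocumentTypes": [
            {"CFBundleTypeRole": "MDImporter", "LSItemContentTypes": list(utis)}
        ],
    }
    with open(os.path.join(contents, "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)


def build_sample_tree():
    """Two constructed importers in a temp dir: one scoped to its own type, one catch-all."""
    root = tempfile.mkdtemp(prefix="spotlight-audit-")
    write_fake_importer(root, "Notes", "com.example.notes.mdimporter", ["com.example.notes-doc"])
    write_fake_importer(root, "Grabber", "com.example.grabber", ["public.data"])
    return root


if __name__ == "__main__":
    # On a real Mac call audit() with the default roots instead of the sample tree.
    for imp in audit([build_sample_tree()]):
        flag = "REVIEW" if imp.suspicious else "ok"
        print(f"{flag:6} {imp.bundle_id:32} writable={imp.user_writable} utis={imp.utis}")
```

On a real Mac, cross-check the list against `mdimport -L`, and run `codesign -dv` on every flagged bundle that is not Apple's to confirm who signed it. The point of the check is not that a catch-all or user-writable importer is malicious, only that it is exactly the surface this bug class abuses, so it deserves a look.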

Microsoft shared details of the bypass with Apple, which addressed the issue in macOS Sequoia 15.4 and iOS 18.4, released on March 31. There is no indication the vulnerability was exploited in the wild: Apple shipped the fix before any details were disclosed. Macs still running a version earlier than 15.4 remain exposed.

Apple's security support document for the update says the problem was addressed through improved data redaction. Two other vulnerabilities credited to Microsoft were fixed in the same update, through improved validation of symlinks and improved state management.

Full information on how the exploit worked can be found on Microsoft's website.


Top Rated Comments

Roller
7 weeks ago
I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
Score: 22 Votes

carswell
7 weeks ago
Another reason to turn off Apple "Intelligence"! /s
Score: 13 Votes

Jerry Fritschle
7 weeks ago
Nice to know, but a click-baity headline. Skimmers will assume this is active.
Score: 11 Votes

johannnn
7 weeks ago
What's the news here? Every .x update includes security patches. And this was a .x release back in March lol
Score: 10 Votes

urmaster
7 weeks ago
I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
I guess Microsoft followed responsible disclosure methods so it's quite right that we're only hearing about it after the patch is widely deployed.
Score: 7 Votes

goonie4life9
7 weeks ago
Not to worry, everyone, because Apple was able to fix this before it ever affected a single customer. Apple was able to do this because of their best-in-class privacy, which only Apple can provide!
Score: 5 Votes