macOS Spotlight Vulnerability Discovered by Microsoft

by

Microsoft Threat Intelligence found a Spotlight-related vulnerability that could allow attackers to steal private file data, outlining the issue in a blog post today. Microsoft's threat team is calling the exploit "Sploitlight" because it uses Spotlight plugins.

bug security vulnerability issue fix larry
According to Microsoft, the vulnerability is a Transparency, Consent, and Control (TCC) bypass that can leak sensitive info cached by Apple Intelligence. Attackers could have used it to get precise location data, photo and video metadata, face recognition data from the Photo Library, search history, AI email summaries, user preferences, and more.

TCC is designed to keep apps from accessing personal information without user consent. Spotlight plugins that allow app files to appear in search are sandboxed by Apple and heavily restricted from accessing sensitive files, but Microsoft found a way around that. Microsoft researchers tweaked the app bundles that Spotlight pulls in, leaking file contents.

Microsoft shared details of the bypass with Apple, and Apple addressed the issue in macOS 15.4 and iOS 15.4, updates that came out on March 31. The vulnerability was never actively exploited, because Apple was able to fix it before it was disclosed.

Apple's security support document for the update said that the problem was addressed through improved data redaction. Apple fixed two other vulnerabilities that were credited to Microsoft at the same time with improved validation of symlinks and improved state management.

Full information on how the exploit worked can be found on Microsoft's website.

Tag: Vulnerabiltiies

Popular Stories

iPhone 17 Pro Dark Blue and Orange

When Is iPhone 17 Coming Out?

Thursday July 24, 2025 9:11 am PDT by
Apple's iPhone 17 series is expected to debut in September 2025. This release follows Apple's recent trend of introducing new iPhone models annually in the fall. To unveil the iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max, Apple is expected to hold its annual iPhone announcement event during the week of September 8, 2025, with September 9 or 10 emerging as the most likely...
Read Full Article
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Launching in Two Months With These 16 New Features

Saturday July 26, 2025 5:50 am PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max should launch in late September, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models, as of July 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14...
Read Full Article209 comments
iPhone 17 Pro on Desk Centered 1

Tipster: iPhone 17 Pro to Feature 8x Zoom, Pro Camera App, and More

Sunday July 27, 2025 7:35 am PDT by
Apple's upcoming iPhone 17 Pro models will have several new camera-related features, according to an anonymous tipster who contacted MacRumors today. The tipster claimed to be familiar with an iPhone 17 Pro commercial that is allegedly being produced by a film company that has publicly listed Apple as one of its clients. MacRumors has not independently confirmed any of the information shared ...
Read Full Article236 comments
Apple Partridge Creek

Apple Store in Michigan Permanently Closing Next Month

Saturday July 26, 2025 1:51 pm PDT by
Earlier this month, MacRumors was first to report that Apple was planning to permanently close its Partridge Creek store, just outside of Detroit, Michigan, and now the company has announced a closure date for the location. Apple Partridge Creek Apple Partridge Creek's final day of business will be Saturday, August 16, with the store set to close for good at 8 p.m. local time that day. All of ...
Read Full Article54 comments
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3: What to Expect

Thursday July 24, 2025 7:08 am PDT by
The long wait for an Apple Watch Ultra 3 is nearly over, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the Apple Watch Ultra 3:Satellite connectivity for sending and receiving text messages when Wi-Fi and cellular coverage is unavailable 5G support, up from LTE on the Apple Watch Ultra 2 Likely a wide-angle OLED display that ...
Read Full Article
iOS 18

Apple Shares iOS 18.6 Release Notes

Thursday July 24, 2025 6:33 am PDT by
While the focus is now on iOS 26, there is still an iOS 18.6 update incoming. As noted by Aaron Zollo, Apple on Wednesday re-labeled iOS 18.6 Beta 4 as simply iOS 18.6, meaning that it is the Release Candidate version. This change effectively confirms that the update will be released to the public next week. Alongside the new label, Apple shared release notes for iOS 18.6, which is a...
Read Full Article10 comments
iPhone 17 Colors

All 15 New iPhone 17 and iPhone 17 Pro Colors Leaked

Friday July 25, 2025 6:20 am PDT by
We may finally have a definitive list of all color options for the iPhone 17 series, ahead of the devices launching in September. MacRumors concept In a Macworld report this month, Filipe Espósito said he obtained an "internal document" that allegedly reveals all of the color options for the upcoming iPhone 17, iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max models. The report...
Read Full Article
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Launching in Two Months With These 16 New Features

Tuesday July 22, 2025 5:00 pm PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max are less than two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models, as of July 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14...
Read Full Article

Top Rated Comments

Roller Avatar
Roller
9 hours ago at 09:38 am
I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
Score: 15 Votes (Like | Disagree)
johannnn Avatar
johannnn
9 hours ago at 09:40 am
What's the news here? Every .x update includes security patches. And this was a .x release back in March lol
Score: 8 Votes (Like | Disagree)
Jerry Fritschle Avatar
Jerry Fritschle
9 hours ago at 09:43 am
Nice to know, but a click-baity headline. Skimmers will assume this is active.
Score: 8 Votes (Like | Disagree)
carswell Avatar
carswell
9 hours ago at 09:36 am
Another reason to turn off Apple "Intelligence"! /s
Score: 5 Votes (Like | Disagree)
urmaster Avatar
urmaster
9 hours ago at 10:12 am

I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
I guess Microsoft followed responsible disclosure methods so it's quite right that we're only hearing about it after the patch is widely deployed.
Score: 3 Votes (Like | Disagree)
goonie4life9 Avatar
goonie4life9
9 hours ago at 09:37 am
Not to worry, everyone, because Apple was able to fix this before it ever affected a single customer. Apple was able to do this because of their best-in-class privacy, which only Apple can provide!
Score: 3 Votes (Like | Disagree)
Read All Comments