macOS Spotlight Vulnerability Discovered by Microsoft

Microsoft Threat Intelligence has disclosed a Spotlight-related macOS vulnerability that could have let an attacker read private file data, describing the issue in a blog post published today. Microsoft's threat team calls the bug "Sploitlight" (tracked as CVE-2025-31199) because it is exploited through Spotlight plugins.

According to Microsoft, the vulnerability is a Transparency, Consent, and Control (TCC) bypass that can leak sensitive information cached by Apple Intelligence. An attacker could have used it to obtain precise location data, photo and video metadata, face recognition data from the Photo Library, search history, AI email summaries, user preferences, and more.

TCC is designed to keep apps from accessing personal information without user consent. Spotlight importer plugins, which let an app's files be indexed and appear in search results, run in a sandbox and are heavily restricted from reading sensitive files, but Microsoft found a way around that: by modifying the plugin bundles that Spotlight loads, the researchers got a plugin to leak the contents of the files it was handed to index.

Microsoft shared details of the bypass with Apple, and Apple addressed the issue in macOS Sequoia 15.4 and iOS 18.4, updates that came out on March 31, 2025. There are no reports of the vulnerability being actively exploited; Apple fixed it before Microsoft published the details.

Apple's security release notes for the update say the problem was addressed through improved data redaction. Two other vulnerabilities credited to Microsoft were fixed in the same update, through improved validation of symlinks and improved state management.
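As an added practitioner check, not code from Microsoft's or Apple's material: the script below tells you whether a Mac is on a build that carries the Sploitlight fix (macOS 15.4 or later, per the paragraph above) and lists the Spotlight importer bundles (.mdimporter) installed in the user- and system-writable plugin directories, which are the component the research abused. The version comparison and the directory paths are the only assumptions; it reads nothing from the bundles themselves.

```bash
#!/bin/sh
# Added example (not part of the article or Microsoft's write-up).
# Triage helper for the Sploitlight (CVE-2025-31199) fix:
#   1. compare the running macOS version against 15.4, the first fixed release;
#   2. inventory third-party Spotlight importer bundles, since a modified
#      importer placed in a writable plugin directory is the attack surface.

# version_at_least A B: exit 0 if dotted numeric version A >= B.
# Components are compared numerically, missing components count as 0,
# so "15.4" == "15.4.0" and "15" < "15.4". Pre-release suffixes ("15.4b")
# are not handled; sw_vers reports plain numeric versions.
version_at_least() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ca=${a%%.*}; cb=${b%%.*}
        case "$a" in *.*) a=${a#*.};; *) a="";; esac
        case "$b" in *.*) b=${b#*.};; *) b="";; esac
        ca=${ca:-0}; cb=${cb:-0}
        [ "$ca" -gt "$cb" ] && return 0
        [ "$ca" -lt "$cb" ] && return 1
    done
    return 0
}

# sploitlight_patched VERSION: exit 0 if VERSION is 15.4 or newer.
# Assumes the fix shipped in 15.4 and every later release, as Apple's notes state.
sploitlight_patched() {
    version_at_least "$1" "15.4"
}

# list_importers DIR: print the .mdimporter bundles directly under DIR, sorted.
# Spotlight loads importers from /Library/Spotlight and ~/Library/Spotlight
# besides the system- and app-embedded ones; those two are the places a
# user-level attacker can write to. Silently prints nothing if DIR is absent.
list_importers() {
    dir="$1"
    [ -d "$dir" ] || return 0
    find "$dir" -maxdepth 1 -type d -name '*.mdimporter' 2>/dev/null | sort
}

# When run directly on a Mac: report patch status and installed importers.
ver=$(sw_vers -productVersion 2>/dev/null || echo "")
if [ -n "$ver" ]; then
    if sploitlight_patched "$ver"; then
        echo "macOS $ver: Sploitlight fix present (>= 15.4)"
    else
        echo "macOS $ver: NOT patched for Sploitlight, update to 15.4 or later"
    fi
    for d in "$HOME/Library/Spotlight" /Library/Spotlight; do
        echo "Spotlight importers in $d:"
        list_importers "$d"
    done
fi
```

Run it as a plain shell script on the Mac being triaged; on a non-macOS host the top-level block does nothing and only the functions are defined. A bundle you do not recognise in ~/Library/Spotlight is worth inspecting with `mdimport -L`, which lists the importers Spotlight has actually loaded.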

Full information on how the exploit worked can be found on Microsoft's website.


Top Rated Comments

Roller
5 weeks ago
I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
Score: 22 Votes

carswell
5 weeks ago
Another reason to turn off Apple "Intelligence"! /s
Score: 13 Votes

Jerry Fritschle
5 weeks ago
Nice to know, but a click-baity headline. Skimmers will assume this is active.
Score: 11 Votes

johannnn
5 weeks ago
What's the news here? Every .x update includes security patches. And this was a .x release back in March lol
Score: 10 Votes

urmaster
5 weeks ago
Quoting Roller: "I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago."
I guess Microsoft followed responsible disclosure methods so it's quite right that we're only hearing about it after the patch is widely deployed.
Score: 7 Votes

goonie4life9
5 weeks ago
Not to worry, everyone, because Apple was able to fix this before it ever affected a single customer. Apple was able to do this because of their best-in-class privacy, which only Apple can provide!
Score: 5 Votes