“Sploitlight” exploit bypasses macOS privacy to leak sensitive data.
Microsoft detailed a flaw in macOS Spotlight that can bypass Apple’s Transparency, Consent, and Control (TCC) system to extract protected user data. By loading malicious, unsigned Spotlight importers, an attacker can index and leak files without requiring TCC permissions. Apple patched the issue in the March 31, 2025 macOS update under CVE-2025-31199 and advises users to install the fix. Successful exploitation could expose everything from downloads and photos to precise geolocation, facial recognition tags, and cached Apple Intelligence data across iCloud-linked devices.
Read more:
https://cybernews.com/security/microsoft-discovers-macos-flaw-exposing-user-secrets/