Sploitlight: When Mac’s Spotlight Shines a Light on Your Secrets!
A macOS vulnerability called “Sploitlight” lets attackers bypass privacy controls and access sensitive data by exploiting Spotlight plugins. Tracked as CVE-2025-31199, this flaw was found by Microsoft Threat Intelligence. Apple has patched it, so updating your system is crucial to protect your data.

Hot Take:
Move over, Sherlock Holmes! There’s a new detective in town, and it’s called “Sploitlight.” While Apple was busy perfecting its AI-powered macOS features, Microsoft’s team of digital sleuths uncovered a sneaky vulnerability that lets hackers play peek-a-boo with your private data. Spotlight plugins? More like “Spotlight the nosy neighbor,” am I right? So, Mac users, patch up before your Downloads folder becomes the talk of the cyber-village!
Key Points:
- Microsoft Threat Intelligence discovered the “Sploitlight” macOS vulnerability, allowing data access via Spotlight plugins.
- The flaw circumvents Apple’s TCC protections, exposing sensitive data like geolocation and metadata.
- Attackers exploit the vulnerability by altering Spotlight importers to extract data from TCC-protected locations.
- Apple has patched the flaw in macOS Sequoia, urging users to update immediately.
- Exploiting this vulnerability on a Mac can also breach data on linked iCloud devices like iPhones and iPads.