Spotlight on MacOS Flaw: How Hackers Could Have Bypassed Apple’s TCC Protections!

Microsoft shines a light on Sploitlight, a macOS vulnerability that bypassed Apple’s TCC protections. This flaw turned Spotlight plugins into unwitting spies, leaking sensitive data. Thankfully, Apple’s macOS Sequoia 15.4 update dimmed Sploitlight’s mischief.

3P
Published: July 29, 2025 11:28 amAdded: July 29, 2025 at 4:58 amAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like Apple’s TCC protections are more transparent than consented! Who knew macOS had a secret spotlight for hackers to shine on your private data? Maybe Apple should consider renaming their operating system to macOS “Peek-a-boo”—because that’s exactly what hackers have been doing with your files! Time for Apple to get better at playing hide and seek!

Key Points:

  • Microsoft identified a vulnerability in macOS allowing attackers to bypass TCC protections.
  • The flaw, CVE-2025-31199, was fixed in March 2025 with updates to macOS, iOS, iPadOS, and visionOS.
  • Spotlight plugins could be exploited to leak sensitive user information and file contents.
  • Attackers could access personal data like geolocation, photos, and even remote device info via iCloud.
  • Microsoft developed a proof-of-concept exploit, Sploitlight, to demonstrate the vulnerability.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?