A recently disclosed vulnerability in macOS is raising alarms as it allows attackers to bypass Apple’s privacy controls, potentially exposing sensitive user data. Tracked as CVE-2025-31199, the flaw was discovered by Microsoft Threat Intelligence, which aptly named the exploit ‘Sploitlight’ due to its manipulation of Spotlight plugins to leak protected files. The issue primarily revolves around how Spotlight, the built-in search tool for macOS, interacts with plugins known as importers.
According to researchers, this vulnerability could be exploited to access files stored in protected locations like Downloads and Pictures without requiring user consent. By modifying these importers, attackers can covertly log and retrieve file contents through the system’s logs, posing a significant threat to user privacy.
Furthermore, the exploit’s implications extend to Apple Intelligence, a feature enabled by default on all ARM-based Macs. This service gathers cached information such as geolocation, photo metadata, and search history, all of which fall under the TCC (Transparency, Consent, and Control) rules that are intended to safeguard user privacy. Unfortunately, the Sploitlight attack circumvents these mechanisms, enabling unauthorized access to sensitive data.
Microsoft has published a proof-of-concept that outlines the exact steps an attacker can take to manipulate Spotlight functionality. Apple released a patch in March 2025 specifically addressing this vulnerability, and users are strongly urged to apply the necessary updates. Because the metadata cached by Apple Intelligence can be synced across Apple devices via iCloud, the exposure is not confined to the local Mac, which heightens the risk associated with this flaw and demonstrates the interconnectedness of Apple's ecosystem.
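Because the bypass described above hinges on Spotlight importer plugins, an administrator triaging a fleet will usually want an inventory of third-party importers on each Mac before and after applying the update. The script below is an added example written for this article; it is not code from Microsoft's proof-of-concept or from Apple. It assumes the standard locations for third-party importers (`/Library/Spotlight`, `~/Library/Spotlight`; importers can also ship inside an application's `Contents/Library/Spotlight`) and uses Apple's `codesign` tool to verify each bundle's signature when it is present. It only lists and signature-checks importer bundles; it does not detect whether a system is vulnerable, and installing the March 2025 update remains the actual fix.

```shell
#!/bin/sh
# Added example (not from the article, Microsoft, or Apple): inventory Spotlight
# importer bundles under the given roots and report codesign verification status.
# Assumed third-party importer locations: /Library/Spotlight and ~/Library/Spotlight.

# list_importers ROOT...: print every *.mdimporter bundle found beneath the roots.
# Roots that do not exist are skipped silently.
list_importers() {
    for root in "$@"; do
        [ -d "$root" ] || continue
        find "$root" -type d -name '*.mdimporter' 2>/dev/null
    done
}

# signature_status BUNDLE: prints "valid" if codesign verifies the bundle,
# "invalid" if verification fails, or "unchecked" when codesign is unavailable
# (for example when this script is run on a non-macOS host).
signature_status() {
    if command -v codesign >/dev/null 2>&1; then
        if codesign --verify --deep --strict "$1" >/dev/null 2>&1; then
            echo valid
        else
            echo invalid
        fi
    else
        echo unchecked
    fi
}

# audit_importers ROOT...: one line per bundle, "<status> <path>", suitable for
# diffing against a known-good baseline or feeding into a fleet inventory.
audit_importers() {
    list_importers "$@" | while IFS= read -r bundle; do
        printf '%s %s\n' "$(signature_status "$bundle")" "$bundle"
    done
}

# Stand-alone run: audit the user-writable importer locations on this Mac.
# On macOS, `mdimport -L` separately lists the importers Spotlight has loaded,
# which is useful for cross-checking this inventory.
audit_importers "$HOME/Library/Spotlight" /Library/Spotlight
```

Any importer that reports `invalid`, or any bundle in a user-writable location that is not accounted for by installed software, is worth investigating, since a modified importer is the component this attack relies on.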
This vulnerability is not a novel issue for Apple, as previous TCC bypasses like powerdir and HM-Surf have been documented, but Sploitlight’s methodology marks a particularly subtle and effective attack vector, emphasizing the need for increased vigilance among macOS users.