Using Apple's Mac device? Update it to latest macOS now: Check reason here

Reportedly, Microsoft has disclosed a macOS flaw dubbed 'Sploitlight' that could have let attackers access highly sensitive data cached by Apple Intelligence. Apple has patched it with Sequoia 15.4

Don't want to miss the best from Business Standard?

The Microsoft Threat Intelligence team uncovered a serious vulnerability in macOS that could have allowed attackers to steal personal data including files and caches linked to Apple Intelligence. The issue, dubbed “Sploitlight”, was found in how Spotlight, macOS’s built-in search tool, handles certain plugins.

 

While Apple fixed the flaw in macOS Sequoia 15.4 back in March 2025, Microsoft is now detailing how dangerous the bug could have been, especially because it could potentially reveal sensitive AI-generated data and affect other devices linked to the same iCloud account. 

What was the risk?

At the core of this flaw is TCC (Transparency, Consent, and Control), a system Apple uses to protect private data like your location, photos, downloads, and more. Apps normally need your explicit permission to access such data.

 

But Microsoft’s researchers found a way to bypass these protections using Spotlight importers. These are essentially the plugins that help index files so they show up in searches. By tweaking how these plugins work, attackers could potentially access files without the user ever granting permission.

 

The exposed data could include:

• Photo and video metadata, including face recognition tags
• Geolocation data
• Search history and app usage patterns
• AI-generated summaries from Apple Intelligence
• Private files in protected folders like Downloads

One of the most concerning aspects of this vulnerability is its link to Apple Intelligence, Apple’s suite of AI-powered tools for tasks like summarising emails or organising photos. These tools cache data locally to function quickly and privately.

 

However, Microsoft discovered that those cached files could be accessed using this bug. That means attackers could potentially extract AI-generated content, including summaries of emails and notes, as well as data used in photo face recognition.

Making matters worse, attackers with access to one device could infer information about other Apple devices tied to the same iCloud account. For instance, even though photo databases differ across devices, metadata like face tags and shared content are synced. So, someone accessing a Mac could gain partial insight into what's on the user's iPhone or iPad without physically accessing them.

Has the vulnerability been addressed?

Microsoft said that it disclosed the vulnerability through its Coordinated Vulnerability Disclosure program. Apple addressed the issue – now tracked as CVE-2025-31199 – in an update released on March 31, 2025 – macOS Sequoia 15.4 version.

 

While the Microsoft blog said that the vulnerability was never seen in the wild, users are still requested to update their Mac devices to macOS Sequoia 15.4 or later.