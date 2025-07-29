Tuesday, July 29, 2025 | 12:05 PM ISTहिंदी में पढें
Business Standard
Notification Icon
userprofile IconSearch
Home / Technology / Tech News / Using Apple's Mac device? Update it to latest macOS now: Check reason here

Using Apple's Mac device? Update it to latest macOS now: Check reason here

Reportedly, Microsoft has disclosed a macOS flaw dubbed 'Sploitlight' that could have let attackers access highly sensitive data cached by Apple Intelligence. Apple has patched it with Sequoia 15.4

Spotlight on macOS

Spotlight on macOS

Harsh Shivam New Delhi
3 min read Last Updated : Jul 29 2025 | 12:02 PM IST

Listen to This Article

The Microsoft Threat Intelligence team uncovered a serious vulnerability in macOS that could have allowed attackers to steal personal data including files and caches linked to Apple Intelligence. The issue, dubbed “Sploitlight”, was found in how Spotlight, macOS’s built-in search tool, handles certain plugins.
 
While Apple fixed the flaw in macOS Sequoia 15.4 back in March 2025, Microsoft is now detailing how dangerous the bug could have been, especially because it could potentially reveal sensitive AI-generated data and affect other devices linked to the same iCloud account. 
 

What was the risk?

At the core of this flaw is TCC (Transparency, Consent, and Control), a system Apple uses to protect private data like your location, photos, downloads, and more. Apps normally need your explicit permission to access such data.
 
But Microsoft’s researchers found a way to bypass these protections using Spotlight importers. These are essentially the plugins that help index files so they show up in searches. By tweaking how these plugins work, attackers could potentially access files without the user ever granting permission.

Also Read

Copilot Mode in Microsoft Edge

Microsoft Edge gets Copilot Mode as AI browser race intensifies: What's new

Nayara Energy, Nayara

Nayara Energy sues Microsoft over EU sanctions-linked service suspension

Microsoft logo, Microsoft

Nayara Energy moves Delhi HC against Microsoft for suspending key services

Microsoft, Vaulted Deep

Decoded: How human poop became Microsoft's tool to fight climate change

Microsoft logo, Microsoft

Microsoft hack hits hundreds of firms, agencies as damage spreads

 
The exposed data could include:
  • Photo and video metadata, including face recognition tags
  • Geolocation data
  • Search history and app usage patterns
  • AI-generated summaries from Apple Intelligence
  • Private files in protected folders like Downloads
One of the most concerning aspects of this vulnerability is its link to Apple Intelligence, Apple’s suite of AI-powered tools for tasks like summarising emails or organising photos. These tools cache data locally to function quickly and privately.
 
However, Microsoft discovered that those cached files could be accessed using this bug. That means attackers could potentially extract AI-generated content, including summaries of emails and notes, as well as data used in photo face recognition.
Making matters worse, attackers with access to one device could infer information about other Apple devices tied to the same iCloud account. For instance, even though photo databases differ across devices, metadata like face tags and shared content are synced. So, someone accessing a Mac could gain partial insight into what's on the user's iPhone or iPad without physically accessing them.

Has the vulnerability been addressed?

Microsoft said that it disclosed the vulnerability through its Coordinated Vulnerability Disclosure program. Apple addressed the issue – now tracked as CVE-2025-31199 – in an update released on March 31, 2025 – macOS Sequoia 15.4 version.
 
While the Microsoft blog said that the vulnerability was never seen in the wild, users are still requested to update their Mac devices to macOS Sequoia 15.4 or later.

More From This Section

Amazon Great Freedom Festival Sale

Amazon Great Freedom Festival sale: Check offers on Samsung, Apple and more

BGMI

BGMI's new set of redeem codes arrives: How to win skins, weapon upgrades

Samsung One UI 8 update

One UI 8 prevents bootloader unlock on Samsung Galaxy phones: What it means

Garena Free Fire Max

Garena Free Fire Max: July 29 redeem codes to win diamonds, skins, and more

Tech Wrap July 28

Tech Wrap July 28: Redmi Redmi Note 14 SE, Perplexity's Mac app, AI Mode

Topics : Microsoft Apple MacBook Pro Apple Technology

Don't miss the most important news and views of the day. Get them on our Telegram channel

First Published: Jul 29 2025 | 12:02 PM IST

Explore News

Stock Market LIVE UpdatesParliament monsoon session LIVEQ4 Results TodayBrigade Hotel Ventures IPO AllotmentZerodha Multi Asset Passive FoFInternational Tiger Day 2025Laxmi India Finance IPOQ1 Result TodayUpcoming Q1 ResultsUpcoming IPO 2025
Business Standard
HOT STOCKS
TOP SECTIONS
KEY EVENTS
Copyrights © 2025 Business Standard Private Ltd. All rights reserved
LinkedIN Icon