A newly disclosed macOS vulnerability is allowing attackers to bypass Apple's privacy controls and access sensitive user data, including data cached by Apple Intelligence. Tracked as CVE-2025-31199, the flaw was identified by Microsoft Threat Intelligence and involves a technique that abuses Spotlight plugins to leak protected data.
Microsoft Threat Intelligence, which first observed the vulnerability, disclosed the flaw and dubbed the exploit "Sploitlight" because of its abuse of Spotlight plugins. While Apple has already released a patch, the technical method behind the exploit should concern macOS users, especially those using Apple's newest AI-powered features.
It all begins with how Spotlight, macOS's built-in search tool, handles plugins called importers. These are designed to help index content from specific apps like Outlook or Photos.
Microsoft researchers found that attackers could modify these importers to scan and leak sensitive data from TCC-protected locations like Downloads and Pictures, even without the user's permission. The trick? Logging file contents in chunks via the system log, then quietly retrieving them.
However, according to the company's blog post, it gets worse. Apple Intelligence, installed by default on all ARM-based Macs, stores caches containing geolocation data, photo and video metadata, recognised faces, and even search history.
This information, protected under TCC (Transparency, Consent, and Control) rules, is normally out of reach to apps without user consent. But using Sploitlight, attackers can pull this data directly from the caches, bypassing the system's consent mechanisms entirely.
Microsoft's proof-of-concept shows a clear step-by-step process attackers could use to exploit the flaw. By modifying the metadata of a Spotlight plugin, placing it in a specific directory, and triggering a scan, attackers can tap into sensitive folders without ever requesting access. And because these plugins don't need to be signed, no compilation is necessary. A few tweaks to a text file are all it takes.
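As an added defender-side check (example code written for this article, not code from Microsoft's advisory or from Apple), the following Python audit parses the importer list that `mdimport -L` prints and flags Spotlight importer bundles loaded from user-writable locations such as ~/Library/Spotlight, which is where a dropped, unsigned plugin would live. The trusted-location list and the sample listing are assumptions constructed for the example.

```python
import re
import shutil
import subprocess

# Apple-shipped and admin-installed importer locations, plus importers that ship
# inside an app bundle under /Applications. Anything else is treated as
# user-controlled. This list is an assumption for the audit, not from the advisory.
TRUSTED_PREFIXES = ("/System/Library/Spotlight/", "/Library/Spotlight/")
APP_BUNDLE_RE = re.compile(r"^/Applications/[^/]+\.app/Contents/Library/Spotlight/")
IMPORTER_RE = re.compile(r'"([^"]+\.mdimporter)"')

# Constructed sample in the shape of `mdimport -L` output (an array dump of
# bundle paths). Only the quoted .mdimporter paths are parsed, so the
# surrounding text may differ on a real machine.
SAMPLE_OUTPUT = """Paths: id(501) (
    "/System/Library/Spotlight/Application.mdimporter",
    "/Library/Spotlight/Microsoft Office.mdimporter",
    "/Applications/Outlook.app/Contents/Library/Spotlight/Outlook.mdimporter",
    "/Users/alice/Library/Spotlight/Notes Helper.mdimporter"
)"""


def parse_importers(output: str) -> list[str]:
    """Extract importer bundle paths from `mdimport -L` style output."""
    return IMPORTER_RE.findall(output)


def is_user_controlled(path: str) -> bool:
    """True when the importer lives somewhere an unprivileged user can write."""
    return not (path.startswith(TRUSTED_PREFIXES) or APP_BUNDLE_RE.match(path))


def audit_importers(output: str) -> list[str]:
    """Return importer paths that are loaded from user-controlled locations."""
    return [p for p in parse_importers(output) if is_user_controlled(p)]


def installed_importers_output() -> str:
    """Run `mdimport -L` on macOS; fall back to the constructed sample elsewhere."""
    if shutil.which("mdimport") is None:
        return SAMPLE_OUTPUT
    # The listing has been observed on stderr rather than stdout, so capture both.
    proc = subprocess.run(["mdimport", "-L"], capture_output=True, text=True)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    for path in audit_importers(installed_importers_output()):
        print("review:", path)
```

A flagged path is a prompt to inspect the bundle's Info.plist and origin, not proof of compromise; legitimate third-party importers can also live in ~/Library/Spotlight.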
Apple's patch, released in March 2025 for macOS Sequoia, addresses this flaw. Microsoft thanked Apple's security team for cooperating under Coordinated Vulnerability Disclosure and urged users to install the updates without delay.
The impact goes further than the mechanics of the exploit and affects real user data. Since metadata and facial recognition information sync across Apple devices via iCloud, attackers exploiting a single Mac could also gain indirect insights into iPhones or iPads linked to the same account.
This isn't the first TCC bypass Apple has dealt with. Earlier examples like powerdir and HM-Surf relied on different system components, but Sploitlight's use of Spotlight importers makes the attack both subtle and effective. It blurs the lines between trusted operating system components and what can be injected from user-controlled sources.
If you use a Mac, especially one with Apple Intelligence features active, make sure your system is up to date. The fix for CVE-2025-31199 is live and available, and applying it closes off this very specific avenue of data theft.