A newly discovered macOS vulnerability, tracked as CVE 2025 31199, allowed attackers to bypass Apple’s Transparency, Consent, and Control security system and access sensitive user data, including content cached by Apple Intelligence and information from other iCloud linked devices.
The flaw, named Sploitlight, was found by Microsoft security researchers Jonathan Bar Or, Alexia Wilson, and Christine Fossaceca. Apple patched the issue in March 2025 with macOS Sequoia 15.4 by improving data redaction, but the vulnerability had already exposed a wide range of private information.
TCC is a privacy framework in macOS that prevents apps from accessing personal data without permission. While access to TCC is limited to apps with full disk access, the researchers found that attackers could exploit Spotlight plugins to gain elevated access and steal protected files.
Microsoft’s report shows that an attacker could use this flaw to collect photo and video metadata, precise geolocation data, face and person recognition data, search history, user preferences, deleted photos and videos, and more. The issue becomes even more severe when considering Apple’s remote linking features in iCloud, which could allow attackers to view data from other devices connected to the same account.
Although similar to previous TCC bypasses like powerdir and HM Surf, Microsoft warned that Sploitlight poses a greater risk because of its ability to extract information from Apple Intelligence, a feature deeply integrated into newer versions of macOS.
This is one of several macOS security issues uncovered by Microsoft in recent years. Other serious flaws include Shrootless, a SIP bypass reported in 2021, Migraine in 2023, and Achilles, which allowed untrusted apps to bypass Gatekeeper protections. More recently, another SIP bypass (CVE 2024 44243) was found to allow attackers to load malicious kernel drivers.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Apple users are advised to update to the latest version of macOS to ensure they are protected from this and other known vulnerabilities.
