Microsoft found a macOS flaw letting attackers access private data from protected areas like Downloads and Apple Intelligence caches.
Microsoft Threat Intelligence researchers discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC).
Apple’s Transparency, Consent, and Control framework in macOS is designed to protect user privacy by managing how apps access sensitive data and system resources. It requires applications to request explicit user permission before they can access certain types of information or system features.
The vulnerability discovered by Microsoft researchers Jonathan Bar Or, Alexia Wilson, and Christine Fossaceca, tracked as CVE-2025-31199, was patched by Apple in March with the release of macOS Sequoia 15.4.
Spotlight is a macOS search tool that uses plugins called .mdimporters to index files. These run in sandboxed processes but have privileged file access. Microsoft researchers discovered that attackers could abuse this via a custom Spotlight plugin to bypass TCC protections and read sensitive files, such as those in the Downloads or Photos folders. By modifying an unsigned plugin’s metadata and forcing Spotlight to load it, an attacker could log private file contents without needing TCC permissions. The researchers developed a proof-of-concept tool, named “Sploitlight,” that demonstrates this vulnerability. Apple addressed the flaw, CVE-2025-31199, in macOS 15.4 by improving data redaction and plugin handling.
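The two questions a defender asks after reading the paragraph above are "is this host on a fixed macOS build?" and "which Spotlight importer bundles are installed in user-writable locations, and are they signed?". The following script is an added example for this article; it is not Microsoft's Sploitlight tool, nor Apple code. It assumes that 15.4 is the first fixed release (as the article states), that third-party importers live in /Library/Spotlight and ~/Library/Spotlight (assumed standard locations), and that `sw_vers` and `codesign` are present on a macOS host; on any other system the version is reported empty and the signature status "unknown". The sample importer bundle it can build is constructed for demonstration only.

```python
"""Defender-side triage for the Spotlight-importer TCC bypass (CVE-2025-31199).

Added example, not Microsoft's or Apple's code. Assumptions are labelled inline.
"""
import plistlib
import shutil
import subprocess
import tempfile
from pathlib import Path
from typing import Dict, List, Tuple

# macOS Sequoia 15.4 shipped the fix, per the article.
PATCHED_VERSION = (15, 4)

# Assumed standard locations for third-party Spotlight importers.
DEFAULT_SEARCH_DIRS = [Path("/Library/Spotlight"), Path.home() / "Library" / "Spotlight"]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '15.3.1' into (15, 3, 1); non-numeric pieces count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.strip().split("."))


def is_patched(version: str) -> bool:
    """True when the productVersion is at or past the first fixed release."""
    v = parse_version(version)
    padded = v + (0,) * max(0, len(PATCHED_VERSION) - len(v))  # (15,) -> (15, 0)
    return padded[: len(PATCHED_VERSION)] >= PATCHED_VERSION


def host_version() -> str:
    """Read the running macOS version via sw_vers; '' when not on macOS."""
    sw_vers = shutil.which("sw_vers")
    if not sw_vers:
        return ""
    out = subprocess.run([sw_vers, "-productVersion"], capture_output=True, text=True, check=False)
    return out.stdout.strip()


def signature_status(bundle: Path) -> str:
    """'valid', 'invalid', or 'unknown' when codesign is not available."""
    codesign = shutil.which("codesign")
    if not codesign:
        return "unknown"
    rc = subprocess.run([codesign, "--verify", "--deep", str(bundle)],
                        capture_output=True, check=False).returncode
    return "valid" if rc == 0 else "invalid"


def inventory_importers(search_dirs: List[Path]) -> List[Dict[str, str]]:
    """List every *.mdimporter bundle under the given directories with its
    CFBundleIdentifier (from Contents/Info.plist) and signature status."""
    found: List[Dict[str, str]] = []
    for base in search_dirs:
        if not base.is_dir():
            continue
        for bundle in sorted(base.glob("*.mdimporter")):
            info = bundle / "Contents" / "Info.plist"
            bundle_id = "<no Info.plist>"
            if info.is_file():
                with info.open("rb") as fh:
                    try:
                        bundle_id = plistlib.load(fh).get("CFBundleIdentifier", "<missing>")
                    except plistlib.InvalidFileException:
                        bundle_id = "<unparseable Info.plist>"
            found.append({"path": str(bundle), "bundle_id": bundle_id,
                          "signature": signature_status(bundle)})
    return found


def triage(search_dirs: List[Path], version: str) -> Dict[str, object]:
    """Combine both checks: patch level plus importers that are not validly signed."""
    importers = inventory_importers(search_dirs)
    flagged = [i for i in importers if i["signature"] != "valid"]
    return {"version": version, "patched": is_patched(version),
            "importers": importers, "needs_review": flagged}


def make_sample_bundle() -> Path:
    """Build a constructed, unsigned importer bundle in a temp dir (demo input only)."""
    root = Path(tempfile.mkdtemp(prefix="spotlight-demo-"))
    contents = root / "Constructed.mdimporter" / "Contents"
    contents.mkdir(parents=True)
    with (contents / "Info.plist").open("wb") as fh:
        plistlib.dump({"CFBundleIdentifier": "example.constructed.importer"}, fh)
    return root


if __name__ == "__main__":
    report = triage(DEFAULT_SEARCH_DIRS, host_version())
    print(f"macOS {report['version'] or '(not macOS)'} patched={report['patched']}")
    for item in report["needs_review"]:
        print(f"review: {item['path']} id={item['bundle_id']} signature={item['signature']}")
```

Run it as-is on a Mac to get a one-screen report; anything listed under "review" is a third-party importer that codesign could not validate, which on an unpatched host is worth inspecting before Spotlight is allowed to load it. The version check deliberately compares numerically, so 15.10 is correctly treated as newer than 15.4.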
“Due to the privileged access that Spotlight plugins have to sensitive files for indexing purposes, Apple imposes heavy restrictions on them via its Sandbox capabilities. On modern macOS systems, Spotlight plugins are not even permitted to read or write any file other than the one being scanned,” states Microsoft. “However, we have concluded that this is insufficient, as there are multiple ways for attackers to exfiltrate the file’s contents.”

The Sploitlight exploit allows attackers to bypass TCC protections and access Apple Intelligence cache files, like Photos.sqlite and photos.db, stored in the Pictures directory. These files contain sensitive data: GPS locations, timestamps, device info, face recognition data, activity history, and shared album details. Attackers can also access deleted media metadata and AI-generated labels. Since metadata syncs via iCloud, they may gain insights from other linked Apple devices too. The researchers warn that other Apple Intelligence caches, like email summaries and AI-written notes, are also at risk, exposing further private data.
“The ability to further exfiltrate private data from protected directories, such as the Downloads folder and Apple Intelligence caches, is particularly alarming due to the highly sensitive nature of the information that can be extracted, including geolocation data, media metadata, and user activities.” concludes the report. “The implications of this vulnerability are even more extensive given the remote linking capability between devices using the same iCloud account, enabling attackers to determine more remote information about a user through their linked devices. Understanding the implications of TCC bypass vulnerabilities is essential for building proactive defenses that safeguard user data from unauthorized access.”
In October 2024, Microsoft discovered another vulnerability, tracked as CVE-2024-44133 and code-named ‘HM Surf’, in Apple’s Transparency, Consent, and Control (TCC) framework in macOS.
Successful exploitation of the flaw could allow attackers to bypass privacy settings and access user data.
The “HM Surf” vulnerability removes TCC protection from Safari, allowing access to user data, including browsing history, camera, microphone, and location without consent.
(SecurityAffairs – hacking, TCC)