Security researchers at Microsoft have uncovered a critical macOS vulnerability, dubbed Sploitlight, that allows attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework and harvest highly sensitive user data – including insights derived from Apple Intelligence.
The vulnerability, tracked as CVE-2025-31199, was patched from March 2-25 but serves as a stark reminder of how identity threats to modern operating systems are evolving.
Spotlight Becomes an Attack Vector
Sploitlight uses Spotlight, macOS’s native search functionality, to subvert TCC protections. While TCC is designed to prevent unauthorized applications from accessing private user data without explicit consent, attackers found a way to execute malicious Spotlight plugins with elevated privileges. These plugins, when abused, can access private files without triggering security alerts or requiring full disk access permissions.
According to Microsoft, the flaw originated form a logging issue within Spotlights plugin handling mechanism. Exploiting this issue allowed attackers to access sensitive TCC-protected locations – such as directories storing Apple Intelligence caches, photo and video metadata, face recognition data, and location histories – without user consent.
Apple Intelligence: A New Kind of Target
Sploitlight is notable because it can exfiltrate structured behavioral data generated by Apple Intelligence, the on-device AI system integrated into recent macOS versions. These caches contain months of AI-enriched metadata that provide deep insight into user behavior, activities, and preferences.
“Sploitlight transforms traditional privacy violations into AI-enriched behavioral profiling attacks,” warns Jason Soroko, Senior Fellow at Sectigo. “The cache becomes a critical trust boundary requiring secure enclave-level protection.”
Such high-value data means that compromising one endpoint can expose user activity across all iCloud-linked devices, expanding the blast radius of the attack significantly.
Machine Identities are an Overlooked Risk
Beyond traditional human user identities, Sploitlight undercores a growing blind spot in cybersecurity: machine identities. Filipi Pires, Head of Identity Threat Labs at Segura, emphasized the significance of understanding and controlling not only human access but also system-level services and plugins.
“Attackers weaponized trusted machine processes,” Pires noted. “This demands a robust machine identity management strategy, including certificate lifecycle management and behavioral baselining for system components.”
Sploitlight plugins, though signed with Developer ID certificates, can still be hijacked if the signing certificates are compromised. This threat elevates certificate governance to a top-tier concern. Once a malicious plugin is signed and executed, it operates with elevated access that can bypass traditional endpoint defenses.
MacOS Security: A History of TCC Bypasses
This isn’t the first time Apple’s TCC framework has been vulnerable. Since 2020, Apple has patched multiple TCC-related vulnerabilities, including:
- CVE-2020-9771: Time Machine mount bypass
- CVE-2020-9934: Environment variable poisoning
- CVE-2021-30713: Bundle conclusion flaw
- CVE-2021-30970 (powerdir): Local access TCC bypass
Sploitlight, however, marks a shift toward exploiting the AI features themselves, rather than just bypassing access controls.
Strengthening macOC Defenses Beyond Patching
Patching CVE-2025-31199 is necessary, but doesn’t go far enough. Shane Barney, CISO at Keeper Security, cautions that “built-in operating system protections aren’t enough to secure today’s environments.” He recommends layering defenses through endpoint protection, restricted administrative rights, and regular audits for unauthorized components.
To reduce risk, organizations should:
- Audit Developer ID certificates used to sign Spotlight plugins
- Monitor system-level plugin activity with EDR and application control
- Apply least privilege principles across both human and machine identities
- Avoid local caching of secrets, using secure vaults and dynamic provisioning
- Treat certificate governance as a core defense, not a peripheral control
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.