macOS Spotlight Vulnerability Discovered by Microsoft - MacRumorsOpen MenuShow RoundupsShow Forums menuVisit ForumsOpen Sidebar
Skip to Content

macOS Spotlight Vulnerability Discovered by Microsoft

Microsoft Threat Intelligence found a Spotlight-related vulnerability that could allow attackers to steal private file data, outlining the issue in a blog post today. Microsoft's threat team is calling the exploit "Sploitlight" because it uses Spotlight plugins.

bug security vulnerability issue fix larry
According to Microsoft, the vulnerability is a Transparency, Consent, and Control (TCC) bypass that can leak sensitive info cached by Apple Intelligence. Attackers could have used it to get precise location data, photo and video metadata, face recognition data from the Photo Library, search history, AI email summaries, user preferences, and more.

TCC is designed to keep apps from accessing personal information without user consent. Spotlight plugins that allow app files to appear in search are sandboxed by Apple and heavily restricted from accessing sensitive files, but Microsoft found a way around that. Microsoft researchers tweaked the app bundles that Spotlight pulls in, leaking file contents.

Microsoft shared details of the bypass with Apple, and Apple addressed the issue in macOS 15.4 and iOS 15.4, updates that came out on March 31. The vulnerability was never actively exploited, because Apple was able to fix it before it was disclosed.

Apple's security support document for the update said that the problem was addressed through improved data redaction. Apple fixed two other vulnerabilities that were credited to Microsoft at the same time with improved validation of symlinks and improved state management.

Full information on how the exploit worked can be found on Microsoft's website.

Popular Stories

iCloud iPhone 17 Pro

iPhone Users Who Pay for iCloud Storage Get Two New Perks on iOS 27

Thursday July 2, 2026 6:10 am PDT by
If you pay for certain iCloud+ storage plans beyond the 5GB that Apple offers for free, you will receive two more perks on iOS 27 at no additional cost. A summary of the two new iCloud+ perks on iOS 27:Increased daily usage limits for some new Apple Intelligence features, including image generation in the revamped Image Playground app. HomeKit Secure Video cameras receive generated video...
Apple Event Logo

Apple Just Released a New Product

Thursday July 2, 2026 8:04 am PDT by
Apple's first product release of summer 2026 occurred this week, but do not get too excited, as it is merely the Beats Solo Buds in a new color. Beats Solo Buds are now offered in orange through Best Buy in the U.S., with availability set to expand to 7-Eleven stores in Japan on July 4. Apple already offered orange Solo Buds in India for free with the purchase of an iPhone 15 or iPhone 15 ...
iPhone 4 on Black Feature

Apple Facing One of Its Worst Leaks Since the iPhone 4

Thursday July 2, 2026 9:53 am PDT by
Apple supplier Tata Electronics recently suffered a cyberattack that resulted in thousands of confidential files being published on the dark web, and this reportedly included some photos and documents related to the upcoming iPhone 18 Pro. We have elected not to share any of the leaked photos in this story due to the illegal nature in which they were obtained, but they can easily be found...

Top Rated Comments

12 months ago
I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
Score: 22 Votes (Like | Disagree)
carswell Avatar
12 months ago
Another reason to turn off Apple "Intelligence"! /s
Score: 14 Votes (Like | Disagree)
12 months ago
Nice to know, but a click-baity headline. Skimmers will assume this is active.
Score: 11 Votes (Like | Disagree)
johannnn Avatar
12 months ago
What's the news here? Every .x update includes security patches. And this was a .x release back in March lol
Score: 10 Votes (Like | Disagree)
urmaster Avatar
12 months ago

I don't often complain about headlines here, but unless I'm missing something, this one strikes me as misleading. I read it and the article thinking that this was a new, unaddressed vulnerability, only to find that it was taken care of by Apple a few months ago.
I guess Microsoft followed responsible disclosure methods so it's quite right that we're only hearing about it after the patch is widely deployed.
Score: 7 Votes (Like | Disagree)
12 months ago
Not to worry, everyone, because Apple was able to fix this before it ever affected a single customer. Apple was able to do this because of their best-in-class privacy, which only Apple can provide!
Score: 5 Votes (Like | Disagree)