Redazione RHC : 29 July 2025 12:33
Microsoft said that attackers may have exploited a recently patched Transparency, Consent, and Control (TCC) bypass vulnerability to steal sensitive information from macOS users, including cached Apple Intelligence data.
TCC is a macOS security mechanism and framework that prevents apps from accessing users’ personal data, allowing macOS to control how apps access and use information across all Apple devices. TCC is responsible for requiring permission to launch new apps and displaying warnings if an app attempts to access sensitive data (including contacts, photos, webcam, and so on).
The vulnerability, identified as CVE-2025-31199 and discovered by Microsoft, was fixed in March 2025, with the release of patches for macOS Sequoia 15.4.
The problem was that, while Apple limits TCC access to apps with full disk access and automatically blocks unauthorized code execution, Microsoft researchers discovered that attackers could exploit the privileged access of Spotlight plugins to gain access to sensitive files and steal their contents.
In a recently published report, Microsoft researchers demonstrated that the vulnerability (which they have named Sploitlight) could be used to collect data, including Apple Intelligence information and remote information about other devices associated with an iCloud account.
This way, attackers could get their hands on photo and video metadata, geolocation data, facial recognition and person data, user activity information, photo albums and shared libraries, search history and user preferences, as well as deleted photos and videos.