Microsoft Finds Critical Security Gap On Apple Intelligence

JAKARTA - Microsoft recently revealed a critical vulnerability in macOS called Sploitlight (CVE-2025-31199). This gap can bypass Apple's Transparency, Consent, and Control (TCC) mechanism and has the potential to expose sensitive data stored by Apple Intelligence, including private locations and photo metadata.

Apple has fixed this gap in the macOS Sequoia 15.4 update, emphasizing the importance of updating the system on time.

Even the most advanced technology can have a weak point. Microsoft revealed an important security gap in Apple's macOS that has the potential to expose sensitive user data stored in Apple Intelligence. This gap, called Sploitlight, shows how important continuous vigilance is in cybersecurity.

In essence, Sploitlight (CVE-2025-31199) is a bug that gets past Apple's TCC system. TCC is a security mechanism in macOS that limits app access to personal data and system features without the user's explicit permission. The problem is that this gap can circumvent that protection.

So how does this gap work? The vulnerability takes advantage of the plugins Spotlight uses to index files on macOS for searches. Even though these plugins run in a restricted environment (sandbox), they have special access to the data they scan.

Microsoft found that attackers could modify a plugin's metadata so that the system recorded sensitive file content during the indexing process, and the data could then be stolen without requiring permission from TCC.

The impact is very serious. Microsoft explains that Sploitlight allows hackers to access a lot of sensitive information stored by Apple Intelligence, such as precise location data, photo and video metadata, facial recognition data, search history, and user preferences. More worryingly, the perpetrator can get information from other devices connected to the same iCloud account, making the risk much greater.

The Gap Has Been Repaired

The good news is that Apple has closed this gap in the macOS Sequoia 15.4 update, released in March 2025, by doing better 'screening of data' to prevent exploitation. Microsoft, which found this gap, has also updated Defender for Endpoint to detect malicious media installation attempts related to this method.
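For administrators who want to check their own Macs against the fix described above, the following is an added example (not code from Microsoft, Apple, or this article) that triages a device inventory by macOS version and by Spotlight plugins installed in per-user folders. The inventory records, host names and function names are constructed for illustration; the `.mdimporter` bundle suffix and the `Library/Spotlight` folders are standard macOS locations that the article itself does not name.

```python
from pathlib import PurePosixPath

FIXED_IN = (15, 4)  # macOS Sequoia 15.4 carries the fix, per the article

def parse_version(text):
    """'15.3.2' -> (15, 3, 2); a bare '15' is padded to (15, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 2:
        parts.append(0)
    return tuple(parts)

def is_patched(os_version):
    # Only the 15.4 fix is named in the article, so older releases count as unpatched.
    return parse_version(os_version)[:2] >= FIXED_IN

def user_importers(paths):
    """Spotlight plugins in /Users/<name>/Library/Spotlight, a folder
    that can be written to without administrator rights."""
    hits = []
    for raw in paths:
        parts = PurePosixPath(raw).parts
        if (raw.endswith(".mdimporter") and len(parts) == 6
                and parts[1] == "Users"
                and parts[3:5] == ("Library", "Spotlight")):
            hits.append(raw)
    return hits

def triage(inventory):
    """Map each host to 'update-and-review', 'update', 'review' or 'ok'."""
    result = {}
    for rec in inventory:
        patched = is_patched(rec["os"])
        risky = user_importers(rec["importers"])
        if not patched:
            result[rec["host"]] = "update-and-review" if risky else "update"
        else:
            result[rec["host"]] = "review" if risky else "ok"
    return result

# Constructed sample inventory (hypothetical hosts and plugin names).
INVENTORY = [
    {"host": "mac-01", "os": "15.3.2", "importers": [
        "/System/Library/Spotlight/Image.mdimporter",
        "/Users/alice/Library/Spotlight/Notes.mdimporter"]},
    {"host": "mac-02", "os": "15.4",
     "importers": ["/Library/Spotlight/iWork.mdimporter"]},
    {"host": "mac-03", "os": "15.5",
     "importers": ["/Users/bob/Library/Spotlight/Tool.mdimporter"]},
    {"host": "mac-04", "os": "15.1", "importers": []},
]

if __name__ == "__main__":
    for host, verdict in triage(INVENTORY).items():
        print(host, verdict)
```

A "review" verdict on a patched host only means a per-user plugin exists and should be matched to a known application; it is not by itself a sign of compromise.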

This discovery is a reminder of the importance of always updating the software to the latest version. Despite the advanced security framework, continuous vigilance and collaboration between security researchers and platform developers are crucial to protect increasingly connected user data in the digital world.