JAKARTA Microsoft found quite a serious vulnerability on macOS-based computers, Apple's operating system (OS). This vulnerability can access sensitive data through malicious applications.
Referred to as Sploitlight, attackers can steal personal data from files that are usually protected by Transparency, Approval, and Control (TCC). Thus, attackers managed to bypass the system's privacy protection with Spotlight.
"(This incentive) is more severe because of its ability to extract and leak sensitive information cached by Apple Intelligence, such as proper geolocation data, photo and video metadata, facial and person recognition data, user search history and preferences," Microsoft said, quoted on Tuesday, July 29.
Microsoft explained that the risk of this vulnerability increased as attackers were able to link iCloud accounts remotely. After finding this problem and finding its bypass technique, Microsoft shared its findings with Apple.
SEE ALSO:
"We shared our findings with Apple through the Disclosure of Coordinated Vulnerability Research (MSVR) through Microsoft Security. Apple releases improvements to this vulnerability," Microsoft explained.
In accordance with Microsoft's statement, Apple has launched fixes with code CVE-2025-31199. This is a security update presented to macOS Sequioa users.
"We thank Apple's security team for their collaboration in overcoming this vulnerability and encouraging macOS users to immediately implement this security update," Microsoft said.
The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)
