Apple has addressed a serious macOS vulnerability that could have allowed hackers to access personal files, including data linked to its AI system, Apple Intelligence. The issue, dubbed “Sploitlight,” was discovered by Microsoft’s security team and publicly disclosed on July 28, 2025.
The flaw lies in the plugin system of macOS’s Spotlight feature. Attackers used custom Spotlight importers to bypass Transparency, Consent, and Control (TCC) protections, which normally safeguard files such as photos, downloads, and location history.

Exposing Cross-Device Privacy Risks
What made this threat more alarming was its reach beyond a single Mac. Because Apple syncs data between devices via iCloud, compromising one Mac could expose sensitive files from an iPhone or iPad connected to the same account. This included private photo metadata, GPS data, and even cache files tied to Apple Intelligence, like note summaries or user preferences.
Microsoft revealed that attackers didn’t need administrative access or special permissions. They could install the rogue plugin into a standard user folder and activate it using built-in macOS tools. Once active, the plugin quietly scanned files in restricted locations and logged the content for later use.

Apple’s Fix and User Safety Tips
Apple released a fix for the vulnerability on March 31, 2025, as part of a macOS Sequoia update. The flaw is cataloged as CVE-2025-31199 in the Common Vulnerabilities and Exposures (CVE) database.
To stay protected, Mac users are urged to install the latest system updates immediately. Avoid installing unfamiliar Spotlight plugins or unsigned software, especially those requesting system access. Additionally, users should monitor background activity and use security tools to spot unusual behavior.
Finally, Apple users are reminded that syncing data across devices can increase risk. A single vulnerable device could potentially expose the entire Apple ecosystem tied to a user’s account.
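
As a way to act on the advice about unfamiliar Spotlight plugins, the following added example (not from Apple or Microsoft) audits the per-user importer folder and reports whether each bundle passes code-signature verification. It assumes per-user importers are `.mdimporter` bundles under `~/Library/Spotlight`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit per-user Spotlight importer bundles (.mdimporter).
# Assumption: per-user importers live in ~/Library/Spotlight.

# audit_importers DIR
# Prints one line per *.mdimporter bundle found directly in DIR:
#   <status><TAB><path>
# status is "signed", "UNSIGNED-OR-INVALID", or "unchecked"
# ("unchecked" means the codesign tool is not available on this host).
audit_importers() {
    dir=$1
    [ -d "$dir" ] || return 0              # no folder means nothing to audit
    for bundle in "$dir"/*.mdimporter; do
        [ -d "$bundle" ] || continue       # unmatched glob, or not a bundle
        if command -v codesign >/dev/null 2>&1; then
            # --strict and --deep also validate nested code in the bundle
            if codesign --verify --deep --strict "$bundle" >/dev/null 2>&1; then
                status=signed
            else
                status=UNSIGNED-OR-INVALID
            fi
        else
            status=unchecked
        fi
        printf '%s\t%s\n' "$status" "$bundle"
    done
}

# count_importers DIR: number of importer bundles found in DIR
count_importers() {
    audit_importers "$1" | wc -l | tr -d ' '
}

# Audit the current user's importer folder when run directly.
audit_importers "${HOME}/Library/Spotlight"
```

A valid signature only shows the bundle has not been altered since signing, so any importer you do not recognize still warrants review. `mdimport -L` lists the importers Spotlight currently has installed, for comparison.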