Apple

A critical macOS vulnerability, dubbed 'Sploitlight,' enables attackers to bypass Transparency, Consent, and Control (TCC) protections and steal sensitive user data, including files from protected directories and Apple Intelligence caches. The flaw exploits Spotlight plugins to access normally protected information without user consent, posing significant privacy risks for macOS users. Attackers could access private files across devices linked to the same iCloud account and potentially gather information about those other devices. Apple fixed the issue (CVE-2025-31199) in March 2025.

Source: https://cybersecuritynews.com/macos-sploitlight-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/apple

"id": "app853072925",
"linkid": "apple",
"type": "Vulnerability",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Apple',
                        'type': 'Technology Company'}],
 'attack_vector': 'Spotlight Plugins',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['Pictures',
                                        'SQLite databases',
                                        'Metadata'],
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Sensitive files',
                                              'Apple Intelligence caches',
                                              'Photos.sqlite database']},
 'date_resolved': 'March 31, 2025',
 'description': 'A critical macOS vulnerability enables attackers to bypass '
                'Transparency, Consent, and Control (TCC) protections and '
                'steal sensitive user data, including files from protected '
                'directories and Apple Intelligence caches.',
 'impact': {'data_compromised': ['Sensitive files',
                                 'Apple Intelligence caches',
                                 'Photos.sqlite database']},
 'initial_access_broker': {'entry_point': 'Spotlight Plugins',
                           'high_value_targets': ['Apple Intelligence caches',
                                                  'Photos.sqlite database']},
 'lessons_learned': 'Importance of applying security updates immediately',
 'motivation': 'Data Theft, Privacy Invasion',
 'post_incident_analysis': {'corrective_actions': 'Security updates for macOS '
                                                  'Sequoia',
                            'root_causes': 'Vulnerability in Spotlight '
                                           'plugins'},
 'recommendations': 'Apply Apple’s security updates to protect against the TCC '
                    'bypass vulnerability',
 'references': [{'source': 'Microsoft Threat Intelligence'}],
 'response': {'enhanced_monitoring': 'Microsoft Defender for Endpoint',
              'remediation_measures': 'Security updates for macOS Sequoia',
              'third_party_assistance': 'Microsoft Defender for Endpoint'},
 'title': 'Sploitlight Vulnerability in macOS',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2025-31199'}