Microsoft Uncovers Security Flaw In macOS Spotlight That Could Leak Private Data

Microsoft’s Threat Intelligence team has identified a now-fixed security vulnerability in Apple’s macOS Spotlight search tool that could have allowed unauthorized access to sensitive user data. The issue, internally dubbed “Sploitlight”, stemmed from how Spotlight handled plugin files and potentially bypassed Apple’s privacy protection framework known as Transparency, Consent, and Control (TCC).

The flaw made it possible for attackers to exploit Spotlight’s plugin system—components that normally help index app content for search and are confined within a sandbox environment. However, Microsoft’s researchers discovered a method to manipulate these plugins to gain access to cached data generated by Apple’s AI features.

If exploited, the vulnerability could have exposed a wide range of private information, including:

Precise location data
Photo and video metadata
Facial recognition data from the Photos app
Search history
Summaries generated by AI tools, such as email content
User preferences and settings

Despite the serious implications, Microsoft confirmed that the vulnerability was not actively exploited. Following responsible disclosure practices, the company reported its findings to Apple, which quickly addressed the issue.

Apple released a fix as part of macOS 15.4 and iOS 18.4, both rolled out on March 31. According to Apple’s security documentation, the patch involved improving how the system handles certain types of data, helping to ensure stricter control over plugin behavior. Alongside the Spotlight fix, Apple also resolved two additional vulnerabilities reported by Microsoft—one related to symbolic link validation and another involving system state management.

This incident underscores the importance of cross-company collaboration in addressing emerging security threats, especially as platforms continue to integrate AI and machine learning features. It also highlights the value of regular system updates, as many vulnerabilities are addressed quietly behind the scenes.

For end users, no action is needed beyond ensuring that devices are up to date. The issue has been resolved, and Apple’s rapid response prevented the vulnerability from being weaponized in real-world attacks.

Filed in Apple >Computers. Read more about Apple, Cybersecurity, macOS, Microsoft, Privacy and Security.

What's Hot

CDC spiraled into chaos this week. Here’s where things stand.

Apple’s iPhone 17 ‘Awe dropping’ event is on September 9 — Here’s what we expect

Cracks are forming in Meta’s partnership with Scale AI

Leak suggests new Philips Hue lights will have direct Matter support

Microsoft fires two more employees for participating in Palestine protests on campus

Microsoft fires two employee protesters who occupied its president’s office

Microsoft hosts emergency press conference after protesters ‘storm a building’

Google teams up with nuclear power giants to fuel massive data center growth with reactors in Tennessee by 2030

AI that seems conscious is coming – and that’s a huge problem, says Microsoft AI’s CEO

8BitDo Pro 3 review: better specs, more customization, minor faults

WIRED Roundup: ChatGPT Goes Full Demon Mode

Framework Desktop Review: A Delightful Surprise

Most Popular