Close Menu
GeekBlog

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    CDC spiraled into chaos this week. Here’s where things stand.

    August 30, 2025

    Apple’s iPhone 17 ‘Awe dropping’ event is on September 9 — Here’s what we expect

    August 30, 2025

    Cracks are forming in Meta’s partnership with Scale AI

    August 30, 2025
    Facebook X (Twitter) Instagram Threads
    GeekBlog
    • Home
    • Mobile
    • Reviews
    • Tech News
    • Deals & Offers
    • Gadgets
      • How-To Guides
    • Laptops & PCs
      • AI & Software
    • Blog
    Facebook X (Twitter) Instagram
    GeekBlog
    Home»Gadgets»Microsoft Uncovers Security Flaw In macOS Spotlight That Could Leak Private Data
    Gadgets

    Microsoft Uncovers Security Flaw In macOS Spotlight That Could Leak Private Data

    Michael ComaousBy Michael ComaousAugust 1, 20251 Comment2 Mins Read0 Views
    Share Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Microsoft Uncovers Security Flaw In macOS Spotlight That Could Leak Private Data
    Share
    Facebook Twitter LinkedIn Pinterest Email Copy Link

    Microsoft’s Threat Intelligence team has identified a now-fixed security vulnerability in Apple’s macOS Spotlight search tool that could have allowed unauthorized access to sensitive user data. The issue, internally dubbed “Sploitlight”, stemmed from how Spotlight handled plugin files and potentially bypassed Apple’s privacy protection framework known as Transparency, Consent, and Control (TCC).

    The flaw made it possible for attackers to exploit Spotlight’s plugin system—components that normally help index app content for search and are confined within a sandbox environment. However, Microsoft’s researchers discovered a method to manipulate these plugins to gain access to cached data generated by Apple’s AI features.

    If exploited, the vulnerability could have exposed a wide range of private information, including:

    • Precise location data

    • Photo and video metadata

    • Facial recognition data from the Photos app

    • Search history

    • Summaries generated by AI tools, such as email content

    • User preferences and settings

    Despite the serious implications, Microsoft confirmed that the vulnerability was not actively exploited. Following responsible disclosure practices, the company reported its findings to Apple, which quickly addressed the issue.

    Apple released a fix as part of macOS 15.4 and iOS 18.4, both rolled out on March 31. According to Apple’s security documentation, the patch involved improving how the system handles certain types of data, helping to ensure stricter control over plugin behavior. Alongside the Spotlight fix, Apple also resolved two additional vulnerabilities reported by Microsoft—one related to symbolic link validation and another involving system state management.

    This incident underscores the importance of cross-company collaboration in addressing emerging security threats, especially as platforms continue to integrate AI and machine learning features. It also highlights the value of regular system updates, as many vulnerabilities are addressed quietly behind the scenes.

    For end users, no action is needed beyond ensuring that devices are up to date. The issue has been resolved, and Apple’s rapid response prevented the vulnerability from being weaponized in real-world attacks.

    Filed in Apple >Computers. Read more about Apple, Cybersecurity, macOS, Microsoft, Privacy and Security.

    Data Flaw leak macOS Microsoft Private Security Spotlight Uncovers
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Telegram Email Copy Link
    Previous ArticleTools and Accessories Deals at Lowe’s: Up to 30% off
    Next Article Could this be our first look at the iPhone 17 Pro?
    Michael Comaous
    • Website

    Related Posts

    2 Mins Read

    Leak suggests new Philips Hue lights will have direct Matter support

    2 Mins Read

    Microsoft fires two more employees for participating in Palestine protests on campus

    2 Mins Read

    Microsoft fires two employee protesters who occupied its president’s office

    2 Mins Read

    Microsoft hosts emergency press conference after protesters ‘storm a building’

    3 Mins Read

    Google teams up with nuclear power giants to fuel massive data center growth with reactors in Tennessee by 2030

    4 Mins Read

    AI that seems conscious is coming – and that’s a huge problem, says Microsoft AI’s CEO

    Top Posts

    8BitDo Pro 3 review: better specs, more customization, minor faults

    August 8, 202512 Views

    WIRED Roundup: ChatGPT Goes Full Demon Mode

    August 2, 202512 Views

    Framework Desktop Review: A Delightful Surprise

    August 7, 202511 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    8BitDo Pro 3 review: better specs, more customization, minor faults

    August 8, 202512 Views

    WIRED Roundup: ChatGPT Goes Full Demon Mode

    August 2, 202512 Views

    Framework Desktop Review: A Delightful Surprise

    August 7, 202511 Views
    Our Picks

    CDC spiraled into chaos this week. Here’s where things stand.

    August 30, 2025

    Apple’s iPhone 17 ‘Awe dropping’ event is on September 9 — Here’s what we expect

    August 30, 2025

    Cracks are forming in Meta’s partnership with Scale AI

    August 30, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest Threads
    • About Us
    • Contact us
    • Privacy Policy
    • Disclaimer
    • Terms and Conditions
    © 2025 geekblog. Designed by Pro.

    Type above and press Enter to search. Press Esc to cancel.