Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

Microsoft finds a major privacy flaw in Apple’s Spotlight search

The exploit leveraged Spotlight search plugins to circumvent Apple's Transparency, Consent, and Control (TCC) framework, potentially exposing data cached by Apple Intelligence.

byKerem Gülen
July 29, 2025
in Cybersecurity, News

Microsoft Threat Intelligence identified a Spotlight-related vulnerability, dubbed “Sploitlight,” a Transparency, Consent, and Control (TCC) bypass capable of leaking sensitive data cached by Apple Intelligence.

This vulnerability, detailed in a Microsoft blog post, leveraged Spotlight plugins to potentially expose private file data. TCC mechanisms are designed to prevent applications from accessing personal information without explicit user consent. The “Sploitlight” exploit circumvented these controls, allowing for unauthorized access to sensitive user data.

Attackers could have acquired precise location data, metadata from photos and videos, face recognition data from the Photo Library, user search histories, AI email summaries, and user preferences. Despite Apple’s sandboxing of Spotlight plugins, which typically restrict access to sensitive files, Microsoft researchers discovered a method to manipulate app bundles pulled by Spotlight, leading to the leakage of file contents.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Shuyal malware is stealing data from 19 different browsers


Microsoft communicated the bypass details to Apple. Apple subsequently addressed the vulnerability in macOS 15.4 and iOS 15.4, updates released on March 31. The vulnerability was not actively exploited prior to its disclosure and resolution. Apple’s security support documentation for the update indicated that the problem was resolved through improved data redaction. Concurrently, Apple addressed two other vulnerabilities, also credited to Microsoft, by enhancing symlink validation and improving state management. Comprehensive information regarding the exploit’s mechanics is available on Microsoft’s official website.


Featured image credit

Tags: AppleMicrosoftspotlight

Related Posts

ChatGPT reportedly reduces reliance on Reddit as a data source

ChatGPT reportedly reduces reliance on Reddit as a data source

October 3, 2025
Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

October 3, 2025
Light-powered chip makes AI computation 100 times more efficient

Light-powered chip makes AI computation 100 times more efficient

October 3, 2025
Free and effective anti-robocall tools are now available

Free and effective anti-robocall tools are now available

October 3, 2025
Choosing the right Web3 server: OVHcloud options for startups to enterprises

Choosing the right Web3 server: OVHcloud options for startups to enterprises

October 3, 2025
Z.AI GLM-4.6 boosts context window to 200K tokens

Z.AI GLM-4.6 boosts context window to 200K tokens

October 2, 2025

LATEST NEWS

ChatGPT reportedly reduces reliance on Reddit as a data source

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Light-powered chip makes AI computation 100 times more efficient

Free and effective anti-robocall tools are now available

Choosing the right Web3 server: OVHcloud options for startups to enterprises

Z.AI GLM-4.6 boosts context window to 200K tokens

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.