Microsoft Uncovers Sploitlight: How a Spotlight Plugin Flaw Evades macOS TCC Protections

Microsoft Threat Intelligence recently disclosed a serious macOS vulnerability dubbed Sploitlight, tracked as CVE-2025-31199, that leverages Spotlight importer plugins to bypass Apple’s Transparency, Consent, and Control (TCC) framework and exfiltrate files that are normally off-limits, including Apple Intelligence caches. Apple addressed the issue in macOS Sequoia 15.4, released on March 31, 2025, but any systems still on older Sequoia builds (or earlier macOS versions) remain at risk. This post breaks down the technical flaw, its real-world impact, attacker techniques, and the steps you can take to protect your data.

Background: Spotlight Importers & TCC

Spotlight uses .mdimporter bundles (“Spotlight importers”) to index specific file types, from Mail attachments to Photos databases, so that search is fast and comprehensive. These plugins run in sandboxed helper processes (the mdworker tasks) but retain privileged read access to the content they index.

To protect user privacy, Apple’s Transparency, Consent, and Control (TCC) framework usually blocks arbitrary code from reading sensitive directories (Downloads, Pictures, Desktop, etc.) without explicit user consent via system prompts.

Technical Details of “Sploitlight”

  1. Plugin Manipulation
    Attackers modify the Info.plist and accompanying schema files of an unsigned .mdimporter, declaring new UTIs (Uniform Type Identifiers) for protected directories. Because unsigned importers can still be loaded locally, there is no code-signing requirement, which significantly lowers the bar for exploit development.
  2. Loading the Malicious Importer
    The attacker places the manipulated .mdimporter into ~/Library/Spotlight and forces Spotlight to reload its plugins:

        mdimport -r

    A recursive scan then triggers the plugin inside the mdworker sandbox, which reads and logs file contents, even those in TCC-protected locations, into the unified log:

        mdimport -i <path>

  3. Data Exfiltration
    The attacker recovers file bytes from directories such as Downloads and Pictures, and from Apple Intelligence caches, by parsing unified log entries. Apple Intelligence cache files include Photos.sqlite and other AI-generated summary databases, exposing metadata, geolocation, face-recognition clusters, and more.

Potential Impact

  • Personal Privacy Risks: Exposed geolocation trails, photo/video metadata (timestamps, device info), face/person recognition data, and deleted content—even clipboard histories could be at risk.
  • Stalking & Harassment: Precise location data and photo album context could enable physical stalking or targeted harassment.
  • iCloud-Linked Devices: Because TCC permissions sync across devices on the same iCloud account, compromising one Mac could leak metadata from an iPhone or iPad linked to that account.

Security Affairs also warns that Apple Intelligence caches, such as email summaries and AI-written notes, are at risk, exposing further private data.

Moreover, since Apple devices linked to the same iCloud account automatically sync specific data, an attacker who compromises a user’s Mac could potentially access synced metadata and Apple Intelligence-tagged content originating from the user’s iPhone or iPad.

Attacker Tactics (MITRE ATT&CK Mappings)

  • TA0001 – Initial Access: Social-engineering the user into installing a malicious Spotlight importer.
  • T1203 – Exploitation for Client Execution: Loading the manipulated .mdimporter via mdimport.
  • TA0006 – Credential Access: Bypassing TCC to read protected data.
  • T1189 – Drive-by Compromise: Distributing the exploit in seemingly benign bundles on third-party download sites.
  • T1555 – Credentials from Password Stores: Accessing Apple Intelligence caches that may store password-manager data or summary snippets.

Mitigation & Recommendations

  1. Update Immediately
    Apply macOS Sequoia 15.4 (and corresponding iOS/iPadOS/VisionOS patches) to ensure CVE-2025-31199 is patched.
  2. Harden Spotlight Usage
    Restrict write access to ~/Library/Spotlight via FileVault and endpoint-security policies, preventing malicious plugin drops. Monitor for unexpected .mdimporter installations with your EDR solution.
  3. Audit Unified Logs
    Configure log-management solutions to flag large binary dumps in the unified log, which can indicate exfiltration attempts via Sploitlight.
  4. User Awareness
    Train users to avoid installing unsigned plugins and to question any unusual prompts or “helper” installers claiming to enhance Spotlight performance.
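The two detection-oriented recommendations above (watching ~/Library/Spotlight for unexpected or over-broad importers, and flagging large binary dumps in the unified log) can be turned into a small hunting script. The following is an added example written for this post; it is not code from Microsoft, Apple, or the Saner product. It assumes that user-installed importers live under ~/Library/Spotlight/*.mdimporter (the path named above), that an importer declares the content types it handles in Contents/Info.plist under the standard CFBundleDocumentTypes / LSItemContentTypes keys, that unified-log lines are supplied as plain text (for example exported with `log show`), and that the set of "broad" UTIs and the 256-character blob threshold are tuning choices for the example rather than published indicators. The sample bundles and log lines it runs against are constructed inside the script so it works offline on any platform.

```python
"""Sploitlight hunting helpers (added example; not code from the post, Microsoft or Apple).

Assumptions (see lead-in): user importers under ~/Library/Spotlight, standard
Info.plist document-type keys, unified-log lines as plain text, and a tunable
broad-UTI list / blob threshold chosen for this example.
"""
import plistlib
import re
import tempfile
from pathlib import Path

# Content types a legitimate single-format importer has little reason to claim.
# Claiming whole directories or generic data is the over-broad declaration that
# gets a plugin invoked for content it should never see.  (Assumed list.)
BROAD_UTIS = {"public.folder", "public.directory", "public.data", "public.item"}


def audit_importer(bundle: Path) -> dict:
    """Inspect one .mdimporter bundle: return the UTIs it claims plus any findings."""
    findings = []
    info = bundle / "Contents" / "Info.plist"
    if not info.is_file():
        return {"bundle": bundle.name, "utis": [], "findings": ["missing Info.plist"]}
    with info.open("rb") as fh:
        plist = plistlib.load(fh)
    utis = set()
    for doc in plist.get("CFBundleDocumentTypes", []):
        utis.update(doc.get("LSItemContentTypes", []))
    broad = sorted(utis & BROAD_UTIS)
    if broad:
        findings.append(f"claims broad content types: {broad}")
    # A signed bundle carries Contents/_CodeSignature/CodeResources; its absence is a
    # quick offline hint that the plugin is unsigned (on a Mac, `codesign -dv` is authoritative).
    if not (bundle / "Contents" / "_CodeSignature" / "CodeResources").is_file():
        findings.append("no code signature")
    return {"bundle": bundle.name, "utis": sorted(utis), "findings": findings}


def audit_spotlight_dir(spotlight_dir: Path) -> list[dict]:
    """Audit every *.mdimporter under a user-writable Spotlight plugin directory."""
    return [audit_importer(b) for b in sorted(spotlight_dir.glob("*.mdimporter"))]


def suspicious_log_lines(lines, min_blob: int = 256) -> list[tuple[int, int]]:
    """Flag mdworker/mdimport log lines that carry a long base64- or hex-looking run.

    Returns (1-based line number, blob length) pairs.  Normal indexing logs short
    strings; dumped file contents show up as long uninterrupted character runs.
    """
    proc_re = re.compile(r"\b(?:mdworker(?:_shared)?|mdimport)\b")
    blob_re = re.compile(r"[A-Za-z0-9+/=]{%d,}" % min_blob)
    hits = []
    for n, line in enumerate(lines, 1):
        if not proc_re.search(line):
            continue  # only indexing processes are of interest here
        m = blob_re.search(line)
        if m:
            hits.append((n, len(m.group(0))))
    return hits


def demo_audit() -> list[dict]:
    """Build a constructed Spotlight dir with one benign and one over-broad importer."""
    root = Path(tempfile.mkdtemp()) / "Library" / "Spotlight"
    specs = {
        "Notes.mdimporter": ["com.example.notes"],              # constructed benign importer
        "Helper.mdimporter": ["public.folder", "public.data"],  # constructed over-broad importer
    }
    for name, types in specs.items():
        contents = root / name / "Contents"
        contents.mkdir(parents=True)
        with (contents / "Info.plist").open("wb") as fh:
            plistlib.dump({"CFBundleDocumentTypes": [{"LSItemContentTypes": types}]}, fh)
    # Only the benign bundle gets a (placeholder) signature file.
    sig = root / "Notes.mdimporter" / "Contents" / "_CodeSignature"
    sig.mkdir()
    (sig / "CodeResources").write_text("placeholder")
    return audit_spotlight_dir(root)


def demo_log_scan() -> list[tuple[int, int]]:
    """Run the log heuristic over constructed unified-log lines."""
    blob = "QUJD" * 100  # 400 chars of base64-looking text standing in for dumped bytes
    lines = [
        "2025-04-01 10:00:01 mac mdworker_shared[412]: indexed com.example.notes item",
        "2025-04-01 10:00:02 mac mdimport[533]: " + blob,
        "2025-04-01 10:00:03 mac Safari[101]: " + blob,  # not an indexing process
        "2025-04-01 10:00:04 mac mdworker[415]: title=Quarterly report",
    ]
    return suspicious_log_lines(lines)


if __name__ == "__main__":
    for result in demo_audit():
        print(result)
    print(demo_log_scan())
```

Point `audit_spotlight_dir` at the real `~/Library/Spotlight` on a managed Mac and feed `suspicious_log_lines` the output of `log show` to use it outside the demo; the blob threshold deliberately errs toward false positives, since a short run of base64 in an indexing log is cheap to triage while a missed file dump is not.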

Instantly Fix Risks with Saner Patch Management

Saner patch management is continuous, automated, and integrated patching software that instantly fixes risks exploited in the wild. It supports major operating systems, including Windows, Linux, and macOS, as well as 550+ third-party applications.

It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.

Experience the fastest and most accurate patching software here.