New macOS Vulnerability Allows Attackers to Steal Private Files by Bypassing TCC
gbhackersMicrosoft Threat Intelligence has uncovered a critical macOS vulnerability that enables attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially exposing sensitive user data including files protected by privacy controls and information cached by Apple Intelligence.
Vulnerability Overview
The newly discovered vulnerability, dubbed “Sploitlight” by Microsoft researchers, exploits Spotlight plugins to access private files that TCC restrictions should normally protect.
Unlike previous TCC bypasses such as HM-Surf and powerdir, this vulnerability poses more severe risks due to its ability to extract sensitive information cached by Apple Intelligence, including precise geolocation data, photo and video metadata, facial recognition data, search history, and user preferences.
| Field | Details |
| CVE ID | CVE-2025-31199 |
| Discovery Date | Discovered during proactive threat hunting |
| Disclosure Method | Coordinated Vulnerability Disclosure (CVD) |
| Affected Systems | macOS Sequoia and earlier versions |
| Patch Release Date | March 31, 2025 |
| Severity Level | High (due to TCC bypass and AI data exposure) |
| Attack Vector ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE