NewsTechnologyWorld
Tech
EExternal LinkEmma RothLinkMicrosoft uncovered a security flaw affecting macOS’s Spotlight.
The vulnerability (CVE-2025-31199), which Apple patched in a March 31st update, could give bad actors access to files inside a device’s Downloads folder and data cached by Apple Intelligence. That includes geolocation data, media metadata, and facial recognition info, according to a report from Microsoft Threat Intelligence.
Security researchers discovered the flaw after using Spotlight plugins to bypass a security feature made to prevent third-party services from gaining access to user data.
Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability | Microsoft Security Blog
[microsoft.com]
