Microsoft Uncovers Security Flaw In macOS Spotlight That Could Leak Private Data

Microsoft’s Threat Intelligence team has identified a now-fixed security vulnerability in Apple’s macOS Spotlight search tool that could have allowed unauthorized access to sensitive user data. The issue, internally dubbed “Sploitlight”, stemmed from how Spotlight handled plugin files and potentially bypassed Apple’s privacy protection framework known as Transparency, Consent, and Control (TCC).

The flaw made it possible for attackers to exploit Spotlight’s plugin system—components that normally help index app content for search and are confined within a sandbox environment. However, Microsoft’s researchers discovered a method to manipulate these plugins to gain access to cached data generated by Apple’s AI features.

If exploited, the vulnerability could have exposed a wide range of private information, including:

• Precise location data

• Photo and video metadata

• Facial recognition data from the Photos app

• Search history

• Summaries generated by AI tools, such as email content

• User preferences and settings

Despite the serious implications, Microsoft confirmed that the vulnerability was not actively exploited. Following responsible disclosure practices, the company reported its findings to Apple, which quickly addressed the issue.

Apple released a fix as part of macOS 15.4 and iOS 18.4, both rolled out on March 31. According to Apple’s security documentation, the patch involved improving how the system handles certain types of data, helping to ensure stricter control over plugin behavior. Alongside the Spotlight fix, Apple also resolved two additional vulnerabilities reported by Microsoft—one related to symbolic link validation and another involving system state management.

This incident underscores the importance of cross-company collaboration in addressing emerging security threats, especially as platforms continue to integrate AI and machine learning features. It also highlights the value of regular system updates, as many vulnerabilities are addressed quietly behind the scenes.

For end users, no action is needed beyond ensuring that devices are up to date. The issue has been resolved, and Apple’s rapid response prevented the vulnerability from being weaponized in real-world attacks.

Filed in Apple >Computers. Read more about Apple, Cybersecurity, macOS, Microsoft, Privacy and Security.