In this technical breakdown by Microsoft Threat Intelligence, authors Jonathan Bar Or, Alexia Wilson, and Christine Fossaceca uncover and analyze the new macOS Spotlight-based TCC vulnerability, CVE-2025-31199, and discuss its security and remediation implications.

Spotlight-based macOS TCC Vulnerability CVE-2025-31199: Analysis by Microsoft Threat Intelligence

Authors: Jonathan Bar Or, Alexia Wilson, Christine Fossaceca (Microsoft Threat Intelligence)

Overview

Microsoft Threat Intelligence discovered a vulnerability in macOS (CVE-2025-31199), nicknamed “Sploitlight,” that lets an attacker bypass Transparency, Consent, and Control (TCC) protections by way of Spotlight importer plugins. The flaw gave unprivileged code access to files in TCC-protected folders and to sensitive cached data managed by Apple Intelligence, including location history, media metadata, person-recognition data, and search history, and because of iCloud synchronization that data can cover other devices on the same account, not just the compromised Mac.

Key Findings

  • Attack Vector: A malicious Spotlight importer plugin (.mdimporter bundle) dropped into the user’s Spotlight plugin directory. The indexer loads it and hands it the contents of files it indexes, so the plugin reads data that TCC would deny to the attacker’s own process; the importer’s sandbox does not stop this.
  • Data Impacted: Downloads, Pictures, and Desktop folders, along with Apple Intelligence caches (e.g., Photos.sqlite), containing detailed geolocation, recognized individuals, activity metadata, deleted content info, and search history.
  • Exploitation: The attacker edits an importer’s descriptors (Info.plist, schema.xml) to claim the file types of interest, copies the bundle into ~/Library/Spotlight, triggers indexing with mdimport, and has the plugin write file contents to unified logging, from which they are read back with the log tool. No root access, no TCC grant, and no user prompt are involved.
  • Wider Risk: Attack scope includes data from devices remotely linked through iCloud.
  • Disclosure & Resolution: Microsoft reported the vulnerability to Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR). Apple fixed the issue in macOS Sequoia 15.4, released in March 2025.
  • Detection & Remediation: Defender for Endpoint now flags suspicious Spotlight plugin behavior and unauthorized directory indexing indicative of exploitation.

Technical Deep Dive

Spotlight Plugins and TCC

  • Spotlight importer plugins (.mdimporter bundles) teach the indexer how to extract metadata from particular file types. They run sandboxed, but the indexer feeds them the contents of the files it indexes, including files in TCC-protected locations, without any consent prompt.
  • TCC normally guards user data (location, camera, microphone, Downloads, Pictures, and so on) by gating access behind consent prompts or entries in System Settings.
  • Microsoft’s proof of concept changed the content types an importer claims, used the standard mdimport command-line tool to make the indexer run the plugin against protected files, and recovered the file contents from the unified log.

Exploit Steps Summarized

  1. Declare the file types the plugin should receive in its Info.plist and schema.xml.
  2. Copy the bundle into the user’s Spotlight plugin folder, ~/Library/Spotlight (unsigned is fine; no privileges required).
  3. Register the plugin and trigger indexing with mdimport.
  4. Read the leaked contents back with the log utility, since the plugin writes what it is given to unified logging; this yields file contents from TCC-protected directories.

Apple Intelligence Data Exposure

  • Attackers could extract not only local files but also detailed Apple Intelligence caches, potentially reconstructing:
    • Precise user and device locations
    • Photo and video metadata (timestamps, device model, camera info)
    • Recognized faces and album contents
    • User activities, search history, and preferences
    • Metadata of deleted media
    • Synchronized data from other iCloud-linked devices
  • Apple Intelligence cache files (Photos.sqlite/photos.db) live in directories that TCC protects by service type, but an importer loaded through this flaw read them without any of those controls applying.

Defensive Recommendations

  • Apply Security Updates: Install macOS Sequoia 15.4 or later, which contains the fix for CVE-2025-31199.
  • Endpoint Protection: Leverage Microsoft Defender for Endpoint to detect anomalous Spotlight operations and unauthorized plugin installations.
  • Defense in Depth: Monitor for suspicious log activities and bundle modifications, particularly in user Spotlight plugin directories.
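A small audit script ties the two halves of this page together: step 1 of the exploit is an edit to the content types an importer claims in its Info.plist, and the recommendation above is to watch the user Spotlight plugin directory for exactly that kind of bundle. The following is an added example written for this summary, not code from the Microsoft post or from Microsoft Defender. It constructs descriptor-only .mdimporter bundles in a temporary directory (Info.plist only, no executable, with the CFPlugIn keys and schema.xml a real importer needs left out), then audits a directory for importers that claim root-level UTIs such as public.item, lack a bundle identifier, or (on macOS, where codesign is present) fail signature verification. The BROAD_UTIS set and the reason strings are this example’s own heuristics.

```python
"""Audit Spotlight importer bundles for Sploitlight-style abuse.

Added example, not Microsoft's code. Heuristics (BROAD_UTIS, reason strings)
are this example's own, not Defender detection logic.
"""
import os
import plistlib
import shutil
import subprocess
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Root-level UTIs match (almost) every file. An importer that claims one is
# handed the contents of nearly everything Spotlight indexes, which is what
# an attacker wants and a legitimate importer never needs. Tune for your fleet.
BROAD_UTIS: Set[str] = {"public.item", "public.data", "public.content"}


@dataclass
class Finding:
    bundle: str
    reasons: List[str]


def claimed_utis(info: dict) -> Set[str]:
    """Collect every UTI claimed via CFBundleDocumentTypes/LSItemContentTypes."""
    utis: Set[str] = set()
    for doc_type in info.get("CFBundleDocumentTypes", []):
        utis.update(doc_type.get("LSItemContentTypes", []))
    return utis


def signing_status(bundle_path: str) -> str:
    """'valid', 'invalid-or-unsigned', or 'unknown' when codesign is absent (non-macOS)."""
    if shutil.which("codesign") is None:
        return "unknown"
    rc = subprocess.run(["codesign", "--verify", bundle_path],
                        capture_output=True).returncode
    return "valid" if rc == 0 else "invalid-or-unsigned"


def audit_bundle(bundle_path: str, check_signature: bool = True) -> Optional[Finding]:
    """Return a Finding for a suspicious bundle, or None if nothing stands out."""
    reasons: List[str] = []
    info_path = os.path.join(bundle_path, "Contents", "Info.plist")
    try:
        with open(info_path, "rb") as fh:
            info = plistlib.load(fh)
    except (OSError, plistlib.InvalidFileException):
        return Finding(bundle_path, ["missing or unreadable Info.plist"])
    utis = claimed_utis(info)
    broad = utis & BROAD_UTIS
    if broad:
        reasons.append("claims broad UTIs: " + ", ".join(sorted(broad)))
    if not utis:
        reasons.append("claims no content types")
    if not info.get("CFBundleIdentifier"):
        reasons.append("no CFBundleIdentifier")
    if check_signature and signing_status(bundle_path) == "invalid-or-unsigned":
        reasons.append("code signature missing or invalid")
    return Finding(bundle_path, reasons) if reasons else None


def audit_dir(spotlight_dir: str, check_signature: bool = True) -> List[Finding]:
    """Audit every *.mdimporter bundle directly under spotlight_dir."""
    findings: List[Finding] = []
    for name in sorted(os.listdir(spotlight_dir)):
        if name.endswith(".mdimporter"):
            finding = audit_bundle(os.path.join(spotlight_dir, name), check_signature)
            if finding:
                findings.append(finding)
    return findings


def write_importer(root: str, name: str, bundle_id: str, utis: List[str]) -> str:
    """Construct a descriptor-only bundle (Info.plist, no executable) for the demo."""
    contents = os.path.join(root, name, "Contents")
    os.makedirs(contents)
    info = {
        "CFBundleIdentifier": bundle_id,
        "CFBundlePackageType": "BNDL",
        # CFPlugIn factory/type keys and schema.xml are omitted: descriptor shape only.
        "CFBundleDocumentTypes": [
            {"CFBundleTypeRole": "MDImporter", "LSItemContentTypes": utis}
        ],
    }
    with open(os.path.join(contents, "Info.plist"), "wb") as fh:
        plistlib.dump(info, fh)
    return os.path.join(root, name)


def demo() -> Dict[str, List[str]]:
    """Constructed sample directory: a benign importer, an over-claiming one, a broken one."""
    with tempfile.TemporaryDirectory() as root:
        write_importer(root, "Notes.mdimporter", "com.example.notes", ["com.example.notes-doc"])
        write_importer(root, "Sploit.mdimporter", "com.example.sploit", ["public.item", "public.image"])
        os.makedirs(os.path.join(root, "Broken.mdimporter"))  # no Info.plist at all
        # Signature check skipped: the constructed bundles are unsigned by design.
        return {os.path.basename(f.bundle): f.reasons for f in audit_dir(root, False)}


if __name__ == "__main__":
    for bundle, reasons in demo().items():
        print(bundle, "->", "; ".join(reasons))
    user_dir = os.path.expanduser("~/Library/Spotlight")
    if os.path.isdir(user_dir):  # real audit when run on a Mac
        for finding in audit_dir(user_dir):
            print(finding.bundle, "->", "; ".join(finding.reasons))
```

Run on a Mac, the main block audits ~/Library/Spotlight after the demo; compare its output against `mdimport -L`, which prints the importers Spotlight has actually loaded, so a bundle that is on disk but not yet registered still shows up in the audit. Claiming a broad UTI is a heuristic, not proof of compromise, and a patched system (Sequoia 15.4 or later) no longer gives such a plugin access to TCC-protected files; the check is worth keeping because an unexpected user-installed importer is a persistence and collection foothold regardless.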

Microsoft’s Mitigation Actions

  • Insights from this research have led to enhanced anomaly detection mechanisms in Microsoft Defender for Endpoint across heterogeneous environments.
  • Close collaboration with Apple facilitated expedited resolution and coverage of the issue in security intelligence feeds.

Acknowledgements

Microsoft thanks Apple’s security team for swift action and cross-organizational collaboration. Users are strongly advised to update their devices and maintain endpoint protection to guard against similar cross-platform threats.

About the Authors

Jonathan Bar Or, Alexia Wilson, and Christine Fossaceca are members of Microsoft Threat Intelligence, dedicated to uncovering and neutralizing advanced threats in multi-platform environments. For continuous updates and security insights, visit the Microsoft Threat Intelligence Blog or follow on LinkedIn and X (Twitter).

This post appeared first on the Microsoft Security Blog.