Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that enables attackers to bypass Apple’s Transparency, Consent, and Control (TCC) framework, potentially exposing sensitive user data including files protected by privacy controls and information cached by Apple Intelligence.
Vulnerability Overview
The newly discovered vulnerability, dubbed “Sploitlight” by Microsoft researchers, exploits Spotlight plugins to access private files that TCC restrictions should normally protect.
Unlike previous TCC bypasses such as HM-Surf and powerdir, this vulnerability poses more severe risks due to its ability to extract sensitive information cached by Apple Intelligence, including precise geolocation data, photo and video metadata, facial recognition data, search history, and user preferences.
gbhackers.com
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}