CyberSecurityBoard
Sponsor Register Login

Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data

"While similar to prior TCC bypasses like HM-Surf and powerdir, the implications of this vulnerability, which we refer to as 'Sploitlight' for its use of Spotlight plugins, are more severe due to its ability to extract and leak sensitive information cached by Apple Intelligence, such as precise geolocation data, photo and video metadata, face and person recognition data, search history and user preferences, and more," Microsoft said on Monday. Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. While Apple restricts TCC access only to apps with full disk access and automatically blocks unauthorized code execution, Microsoft security researchers found that attackers could use the privileged access of Spotlight plugins to access sensitive files and steal their contents. In recent years, Microsoft security researchers have found multiple other severe macOS vulnerabilities, including a SIP bypass dubbed 'Shrootless' (CVE-2021-30892), reported in 2021, which enables attackers to install rootkits on compromised Macs. They showed in a report published today that the vulnerability (named Sploitlight and described by Apple as a "logging issue") could be exploited to harvest valuable data, including Apple Intelligence-related information and remote information of other iCloud account-linked devices. In the past, Microsoft security researchers have also discovered several other TCC bypasses, including powerdir (CVE-2021-30970) and HM-Surf, that could also be abused to gain access to users' private data. TCC is a security technology and a privacy framework that blocks apps from accessing private user data by providing macOS control over how their data is accessed and used by applications across Apple devices. This includes, but is not limited to, photo and video metadata, precise geolocation data, face and person recognition data, user activity and event context, photo albums and shared libraries, search history and user preferences, as well as deleted photos and videos.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 28 Jul 2025 18:05:22 +0000


Cyber News related to Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data

How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
9 months ago Aws.amazon.com
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data - "While similar to prior TCC bypasses like HM-Surf and powerdir, the implications of this vulnerability, which we refer to as 'Sploitlight' for its use of Spotlight plugins, are more severe due to its ability to extract and leak sensitive information ...
7 hours ago Bleepingcomputer.com CVE-2021-30892
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Threat Intelligence Feeds Flood Analysts With Data, But Context Still Lacking - By combining external threat data with internal risk assessments, contextual threat intelligence helps organizations measure the risk level of alerts or vulnerabilities in relation to their business and technical assets, ensuring that the most ...
3 months ago Cybersecuritynews.com
Automating Threat Intelligence: Tools And Techniques For 2025 - Automated threat intelligence leverages artificial intelligence (AI), machine learning (ML), and orchestration platforms to collect, analyze, and act on vast amounts of threat data in real time. These platforms offer features like real-time threat ...
3 months ago Cybersecuritynews.com
New Microsoft Purview features use AI to help secure and govern all your data - More than 90% of organizations use multiple cloud infrastructures, platforms, and services to run their business, adding complexity to securing all data.1Microsoft Purview can help you secure and govern your entire data estate in this complex and ...
1 year ago Microsoft.com
Hackers Compromise Intelligence Website Used by CIA and Other Agencies - As federal investigators continue their work, the dual breaches of critical intelligence infrastructure highlight the sophisticated and persistent nature of foreign cyber threats targeting America’s most sensitive defense and intelligence ...
16 hours ago Cybersecuritynews.com Abyss
Apple Faces Federal Lawsuit Over Delayed Apple Intelligence Features - Tech giant Apple is once again in the legal spotlight as a class-action lawsuit filed in U.S. District Court in San Jose accuses the company of false advertising and unfair competition related to its highly touted Apple Intelligence features. The ...
4 months ago Cybersecuritynews.com
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
1 year ago Eff.org
Why Threat Intelligence is Crucial for Modern Cyber Defense - Threat intelligence transforms raw data into actionable insights by analyzing adversaries’ tactics, techniques, and procedures (TTPs), empowering security teams to shift from reactive firefighting to strategic defense. Proactive Threat Hunting: ...
3 months ago Cybersecuritynews.com
Mitigating macOS Zero-Day Risks - Tools and Techniques - As macOS zero-day threats grow more sophisticated, combining Apple’s built-in protections with third-party security tools and rigorous security practices provides the most comprehensive defense strategy. These third-party solutions are ...
2 months ago Cybersecuritynews.com CVE-2024-44243
Financially motivated threat actors misusing App Installer - Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme to distribute malware. In ...
1 year ago Microsoft.com Black Basta
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
1 month ago Cybersecuritynews.com
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws - Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in Windows Fast FAT Driver that, when exploited, allows an attacker to execute code. Microsoft says that this remote code execution ...
4 months ago Bleepingcomputer.com
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
1 year ago Eff.org Inception
How to Use Threat Intelligence Feeds for SOC/DFIR Teams - Threat intelligence feeds provide real-time updates on indicators of compromise, such as malicious IPs and URLs. Security systems can then ingest these IOCs to identify and block potential threats, which essentially grants organizations immunity to ...
1 year ago Cybersecuritynews.com
Python in Threat Intelligence: Analyzing and Mitigating Cyber Threats - In the world of emerging cybersecurity threats, understanding the significance of threat intelligence is crucial and can not be ignored. Threat intelligence involves the systematic collection, analysis, and application of data to understand potential ...
1 year ago Hackread.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
Microsoft Security Copilot improves speed and efficiency for security and IT teams - First announced in March 2023, Microsoft Security Copilot-Microsoft's first generative AI security product-has sparked major interest. With the rapid innovations of Security Copilot, we have taken this solution beyond security operations use cases ...
1 year ago Microsoft.com
Apple's AI Moves Will Impact Future Chip, Cloud Security Plans - The measures Apple has implemented to prevent customer data theft and misuse by artificial intelligence will have a marked impact on hardware security, especially as AI becomes more prevalent on customer devices, analysts say. Apple emphasized ...
1 year ago Darkreading.com
Beyond DLP: Embracing a Multi-Layered Strategy for Personal Data Security - Data, especially personal data, drives the digital world. While digital systems continuously gather and use personal data to enhance user experience, there is a significant issue. The alarming frequency of data breaches indicates that the methods ...
1 year ago Securityboulevard.com
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
1 year ago Silicon.co.uk
How to Overcome the Most Common Challenges with Threat Intelligence - Today's typical approach to threat intelligence isn't putting organizations in a place to do that. Instead, many threat intelligence tools are delivering too much uncurated and irrelevant information that arrives too late to act upon. Organizations ...
1 year ago Cyberdefensemagazine.com Hunters
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)