PT-2025-23205 · Apple · visionOS and 4 other products

Alexia Wilson +3 · Published 2025-03-31 · Updated 2025-12-18 · CVE-2025-31199

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apple iOS and iPadOS versions prior to 18.4
Apple macOS versions prior to Sequoia 15.4
Apple visionOS versions prior to 2.4
Description

A security issue was identified in which a flaw allows an application to access sensitive user data. Microsoft Threat Intelligence discovered the vulnerability (CVE-2025-31199), dubbed "Sploitlight", which bypasses the Transparency, Consent, and Control (TCC) framework through Spotlight plugins. Spotlight plugins run with file access that TCC would deny to an ordinary app, so a plugin under an attacker's control inherits that access. The bypass lets an attacker read TCC-protected data, including geolocation and other metadata cached by Apple Intelligence. Apple addressed the issue with improved data redaction in the versions listed under Recommendations. The CVSS vector reflects the attack model: local access (AV:L) and user interaction (UI:R) are required, no privileges are needed (PR:N), and the impact is on confidentiality only (C:H). No information is available on the number of affected devices or on exploitation in the wild.
Recommendations

Update Apple iOS to version 18.4 or later.
Update Apple iPadOS to version 18.4 or later.
Update Apple macOS to version Sequoia 15.4 or later.
Update Apple visionOS to version 2.4 or later.
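As an added example (not part of this advisory, and not code from Apple, Microsoft or Positive Technologies), a POSIX shell check that covers both the description and the recommendations above: it compares the installed macOS version against the 15.4 fix threshold and lists the Spotlight importers loaded from user- or admin-writable locations, which is where a plugin under an attacker's control would have to live for the described bypass. Assumed here and not stated on the page: that Spotlight plugins are `*.mdimporter` bundles loaded from `~/Library/Spotlight`, `/Library/Spotlight`, `/System/Library/Spotlight` and inside `.app` bundles, and that `sw_vers`, `mdimport -L`, `codesign -dv` and `log show` are stock macOS tools. The sample `mdimport -L` listing is constructed.

```shell
#!/bin/sh
# Sploitlight (CVE-2025-31199) exposure check for a macOS host.
# Added example for this advisory; not code from Positive Technologies, Apple or Microsoft.
# Assumptions not stated on the page: Spotlight plugins are *.mdimporter bundles that the
# indexer loads from ~/Library/Spotlight (user-writable), /Library/Spotlight (admin-writable),
# /System/Library/Spotlight (Apple, SIP-protected) and from inside .app bundles; `sw_vers`,
# `mdimport -L`, `codesign -dv` and `log show` are stock macOS tools.

# version_lt A B: succeed when dotted version A is strictly lower than B (numeric per component).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# macos_status VERSION: "vulnerable" below 15.4, otherwise "patched". Follows the advisory
# literally ("prior to Sequoia 15.4"); whether older major releases need a separate fix is
# not stated on the page, so anything below 15.4 is flagged for review.
macos_status() {
    if version_lt "$1" 15.4; then echo vulnerable; else echo patched; fi
}

# flag_user_importers LISTING: from `mdimport -L` style output, print importer paths that live
# in user- or admin-writable Spotlight directories. Apple's /System importers and importers
# bundled inside .app packages (covered by the app's own signature) are skipped.
flag_user_importers() {
    printf '%s\n' "$1" | grep -o '/[^"]*\.mdimporter' | while IFS= read -r p; do
        case "$p" in
            /System/*) ;;
            *.app/*) ;;
            */Library/Spotlight/*) printf '%s\n' "$p" ;;
        esac
    done
}

# Constructed sample of `mdimport -L` output (the real command prints a quoted array).
SAMPLE_MDIMPORT_LISTING='(
    "/System/Library/Spotlight/Audio.mdimporter",
    "/Applications/Example.app/Contents/Library/Spotlight/Example.mdimporter",
    "/Users/alice/Library/Spotlight/Notes.mdimporter",
    "/Library/Spotlight/Acme.mdimporter"
)'

# Live check: OS version, then every loaded third-party importer with its signing identity.
# A high volume of unified-log output from the indexer workers is only a coarse indicator
# for the log-insertion weakness listed under Weakness Enumeration, not a verdict.
sploitlight_check() {
    if ! command -v sw_vers >/dev/null 2>&1; then
        echo "not macOS: live check skipped; flags from the constructed sample listing:"
        flag_user_importers "$SAMPLE_MDIMPORT_LISTING"
        return 0
    fi
    v=$(sw_vers -productVersion)
    echo "macOS $v: $(macos_status "$v")"
    flag_user_importers "$(mdimport -L 2>&1)" | while IFS= read -r p; do
        echo "review: $p"
        codesign -dv "$p" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || echo "  no signing authority reported"
    done
    echo "indexer log lines in the last hour: $(log show --last 1h --style compact --predicate 'process BEGINSWITH "mdworker"' 2>/dev/null | wc -l)"
}

sploitlight_check
```

Run it as the logged-in user. The version test only answers what the advisory states for Sequoia, so a host on an older major release is reported as needing review rather than as safe. An importer under `~/Library/Spotlight` is not malicious by itself, but every one listed is a candidate for the TCC bypass described above and should carry a signing authority you recognise.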

Fix: available (see Recommendations)

Weakness Enumeration

Insertion of Sensitive Information into Log File (CWE-532)

Related Identifiers

BDU:2025-09368
CVE-2025-31199

Affected Products

Apple macOS
iOS
iPadOS
macOS Sequoia
visionOS