PT-2025-23205 · Apple · iPadOS and 4 other products

Author: Alexia Wilson (+3 others)
Published: 2025-03-31
Updated: 2025-10-17

CVE-2025-31199

CVSS v3.1: 5.5
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Apple iOS versions prior to 18.4
Apple iPadOS versions prior to 18.4
Apple visionOS versions prior to 2.4
Apple macOS versions prior to Sequoia 15.4

Description: A security issue was identified relating to data redaction in logging. The flaw allows an application to potentially access sensitive user data. The vulnerability, dubbed "Sploitlight" (CVE-2025-31199), is a bypass of the Transparency, Consent, and Control (TCC) framework via Spotlight plugins. The bypass could allow attackers to access sensitive data, including geolocation and media metadata, as well as data cached by Apple Intelligence. The vulnerability was discovered by Microsoft Threat Intelligence and disclosed to Apple. Exploitation could lead to both local and remote data exposure. The API endpoints used by Spotlight to access data are implicated in this issue, and the vulnerability abuses the privileged access granted to Spotlight plugins; the Spotlight functionality is therefore central to the issue.

Recommendations:
Update Apple iOS to version 18.4 or later.
Update Apple iPadOS to version 18.4 or later.
Update Apple visionOS to version 2.4 or later.
Update Apple macOS to version Sequoia 15.4 or later.

Fix

Weakness Enumeration
Insertion into Log File

Related Identifiers
BDU:2025-09368
CVE-2025-31199

Affected Products
Apple macOS
iOS
iPadOS
macOS Sequoia
visionOS