{"id":25948,"date":"2025-07-28T10:28:53","date_gmt":"2025-07-28T18:28:53","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2025\/07\/28\/news-19668\/"},"modified":"2025-07-28T10:28:53","modified_gmt":"2025-07-28T18:28:53","slug":"news-19668","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2025\/07\/28\/news-19668\/","title":{"rendered":"Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability"},"content":{"rendered":"

Credit to Author: Microsoft Threat Intelligence| Date: Mon, 28 Jul 2025 16:00:00 +0000<\/strong><\/p>\n

Microsoft Threat Intelligence has discovered a macOS vulnerability that could allow attackers to steal private data of files normally protected by Transparency, Consent, and Control (TCC), such as files in the Downloads<\/em> folder, as well as caches utilized by Apple Intelligence. While similar to prior TCC bypasses like HM-Surf<\/a> and powerdir<\/a>, the implications of this vulnerability, which we refer to as \u201cSploitlight\u201d for its use of Spotlight plugins, are more severe due to its ability to extract and leak sensitive information cached by Apple Intelligence, such as precise geolocation data, photo and video metadata, face and person recognition data, search history and user preferences, and more. These risks are further complicated and heightened by the remote linking capability between iCloud accounts, meaning an attacker with access to a user\u2019s macOS device could also exploit the vulnerability to determine remote information of other devices linked to the same iCloud account.<\/p>\n

After discovering the bypass technique during proactive hunting for processes with privileged entitlements, we shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD)<\/a> via Microsoft Security Vulnerability Research (MSVR)<\/a>. Apple released a fix for this vulnerability, now identified as CVE-2025-31199, as part of security updates<\/a> for macOS Sequoia, released on March 31, 2025. We thank the Apple security team for their collaboration in addressing this vulnerability and encourage macOS users to apply these security updates as soon as possible.<\/p>\n

As a reminder, TCC is a technology designed to prevent applications from accessing users\u2019 personal information, including services such as location services, camera, microphone, Downloads<\/em> directory, and others, without obtaining prior consent and knowledge from users. The only legitimate method for an application to gain access to these services is through user approval via a popup prompt within the user interface or by granting per-app access in the operating system’s settings.<\/p>\n

In this blog post, we display how, despite Spotlight plugins being carefully and heavily restricted to maintain their privileged access to sensitive files, they can still be abused to exfiltrate file contents. Our research demonstrates how this privileged access and the ability to manipulate these plugins blur the line between operating system components, like the mds<\/em> daemon and mdworker<\/em> task, and non-OS components, like the plugins themselves. Further, we show how the TCC bypass works against well-defined file types, as well as how it could be abused to get valuable data such as information tagged by Apple Intelligence and remote information of other iCloud account-linked devices.<\/p>\n

Background: Spotlight importers<\/h2>\n

Spotlight<\/a> is a built-in macOS application that is capable of quickly finding content on a device by means of indexing. Users can use the Command<\/em> +Space<\/em> shortcut to trigger a file search. However, Spotlight supports plugins known as Spotlight importers to further index data found on a device. For example, Outlook can index emails for them to appear in search. Those plugins are macOS bundles<\/a> ending with a .mdimporter<\/em> suffix, and can be listed by using the mdimport<\/a> utility with the -L<\/em> command line flag:<\/p>\n

\"Screenshot
Figure 1. A list of Spotlight plugins on a typical system<\/em><\/figcaption><\/figure>\n

To support that architecture, the technology works in a producer-consumer design, where tools such as Spotlight (or the mdfind<\/em><\/a> command utility) consume data from index files that are saved locally, and an indexing service produces and updates those index files.<\/p>\n

The indexing service is known as mds<\/em> and acts as a system daemon. Upon file modifications, the kernel triggers the mds<\/em> daemon, which in turn creates a heavily sandboxed task called mdworker<\/em>, which runs the plugin logic and updates the index.<\/p>\n

Spotlight plugins have been studied in the past, notable examples include:<\/p>\n