Day 18 of our FAAdvent Calendar: Don't let "Sploitlight" (CVE-2025-31199) leak your sensitive macOS data! northpole.security/blog/2025… Attacks bypass TCC to exfiltrate files like Apple Intelligence databases. See how to prevent this persistence trick and data theft with Workshop and Santa:
Sploitlight v1's directory-based persistence / TCC bypass is almost the poster child for the kind of thing you can easily lock down with File Access Rules. We know more variants are out there, so where you can, use Santa's File Access Authorization to lock down sensitive resources like Apple Intelligence caches directly. Also big thanks to the authors of great write-ups from the community on this: @patrickwardle, @yo_yo_yo_jbo, @x71n3, @theevilbit
Day 18: Don't let "Sploitlight" (CVE-2025-31199) leak your sensitive macOS data! northpole.security/blog/2025… Attacks bypass TCC to exfiltrate files like Apple Intelligence databases. See how to prevent this persistence trick and data theft with Workshop and Santa:
Sploitlight: Hunting Beyond the Patch ift.tt/XJ613Hs

Sploitlight: Hunting Beyond the Patch buff.ly/h9jJFkO #Microsoft #techcommunity

Sploitlight: Hunting Beyond the Patch ift.tt/uTOZmY1

17 Oct 2025
🍽️ Day 3 — Midday check-in (lunch bell 🔔, brains buzzing) #OBTS 🍏 – 🧟 Revoked, Not Dead — Gatekeeper flinched: CDHash “kill switch” wasn’t; ad-hoc, already-revoked apps ran anyway. “Yippee-ki-yay,” but with detections. Ferdous Saljooki @malwarezoo – 🧮 Something from Nothing — XNU VM “zero” seeped into read-only → chained to 0 → uid 0. Dead-ends, pivots, root. Ian Beer @i41nbeer (Google Project Zero) – 🔦 Sploitlight — Spotlight plugin pulled a TCC bypass (CVE-2025-31199) and peeked Apple Intelligence data; tiny consent gap, big spill. Christine Fossaceca @x71n3 (Microsoft) & Jonathan Bar Or @yo_yo_yo_jbo – 🧬 Swift Type Metadata — decoded type descriptors, reflection, mangled names; Swift binaries stopped looking like spaghetti, started reading like schematics. Gregor Carmesin (Master student) – 🔒 What’s New in Lockdown Mode — macOS 26 hardens zero-click lanes; mapped which apps/daemons/services got new barricades (RE LLDB receipts). Marie Fischer (Master student) Refuel time. Back after lunch—same Ibiza sun, fresh drops queued. #OBTS 🍏 🌴⚡️
17 Oct 2025
Spotlight used to find things. Today at #OBTS, it found trouble. 🍏 The Sploitlight demo just tore through macOS TCC like it was cached metadata. CVE-2025-31199 — elegant, silent, and painfully simple. Christine Fossaceca @x71n3 and Jonathan @yo_yo_yo_jbo didn’t just show a bug. They showed how trust in Apple Intelligence can light itself on fire.
Originally from: MS Threat Intel: Sploitlight: Analyzing a Spotlight-based macOS TCC vulnerability microsoft.com/en-us/security… ( :-{ı▓ #CTI #cybersecurity #cyberresearch
25 Sep 2025
Replying to @coffnix
Lucid comment on the video in the screenshot. Besides the screenshot, which has a good counterpoint to the video's criticism, there is the recent case of Sploitlight via Apple Intelligence, and on Windows in Brazil, not "Bostil" (if it's "Bostil", leave the country and stop hating yourself, man :D :D), most people use cracked copies, and then you're screwed.
Microsoft has unveiled Sploitlight, a technique that abuses macOS Spotlight to bypass TCC protections and siphon data from databases used by Apple Intelligence. meterpreter.org/microsoft-di…
Since it seems that macOS 26 shipped with Sploitlight per @objective_see's blog post objective-see.org/blog/blog_…, this is a friendly reminder that you can lock this down with FAA rules northpole.dev/cookbook/faa/#…
📢Sploitlight: Analyzing a Spotlight-based macOS TCC Vulnerability Mlion.ai News, Microsoft security researchers have analyzed a new vulnerability in macOS’s Transparency, Consent, and Control (TCC) framework, potentially exploitable by malicious AI-driven software. The vulnerability, related to Spotlight’s interaction with TCC, could allow unauthorized access to sensitive user data. The report stresses the importance of securing AI-powered applications on all platforms and provides recommendations for mitigation. 🤖Mlion.ai short commentary 🔥macOS TCC flaw exposed! AI-driven exploits risk data—Microsoft reveals alarming AI security gaps in user privacy. For more in-depth analysis, try Mlion's 「AI Insights」: mlion.ai/#/messageDetail/872…