Ethical Hacking News
Microsoft has highlighted a previously unknown bug in macOS that was patched by Apple in March, which poses significant risks to user privacy. The vulnerability allows attackers to extract sensitive information cached by Apple Intelligence, including precise geolocation data and search history. As companies like Microsoft continue to struggle with their own security challenges, this incident serves as a reminder of the ongoing importance of robust cybersecurity practices and cooperation between industry players.
Microsoft has identified a previously unknown bug in macOS (CVE-2025-31199) that affects user privacy. The bug allows attackers to extract sensitive information, including geolocation data and search history, from Apple Intelligence. The vulnerability also enables the potential for widespread exploitation due to syncing of data across devices linked to the same iCloud account. Apple initially disclosed the flaw in March but failed to adequately address it, leading to ongoing exploitation by malicious actors. Microsoft's identification highlights the importance of robust security measures and cooperation between companies to mitigate risks and enhance overall security posture.
Microsoft has recently shed light on a previously unknown bug found in macOS that was patched by Apple in March. The vulnerability, designated CVE-2025-31199, affects macOS Sequoia and poses a significant threat to user privacy. According to Microsoft Threat Intelligence, this bug could allow attackers to extract and leak sensitive information cached by Apple Intelligence, including precise geolocation data, photo and video metadata, face and person recognition data, search history, and user preferences.
The impact of this vulnerability extends beyond individual users, as it also enables the potential for widespread exploitation. Since Apple devices linked to the same iCloud account automatically sync certain data, an attacker who compromises a user's Mac could potentially access synced metadata and Apple Intelligence-tagged content originating from the user's iPhone or iPad. This means that if an individual's personal data is cached on their device, it may also be accessible to malicious actors due to this vulnerability.
For instance, Outlook can use Spotlight plugins to index emails so that they appear in search results. The bug, dubbed "Sploitlight", specifically abuses these Spotlight plugins, highlighting the potential risks and implications of this vulnerability. Microsoft has highlighted the severity of this issue, as an extremely sophisticated attack may be targeting iThings.
Apple initially disclosed the flaw in March, along with releasing a fix. However, despite acknowledging the problem, it appears that the company failed to adequately address the vulnerability, resulting in ongoing exploitation by malicious actors. This highlights the importance of robust security measures and the need for companies like Apple to remain vigilant against emerging threats.
Furthermore, Microsoft's identification of this bug underscores the complexity and interconnectedness of modern technology ecosystems. As different devices and services become increasingly intertwined, so too do their respective vulnerabilities. By recognizing these connections and sharing intelligence on identified flaws, companies can work together to mitigate risks and enhance overall security posture.
In addition to this vulnerability, Microsoft has also been dealing with its own share of security challenges, including the mass exploitation of bugs currently being abused for espionage, data theft, and ransomware infections. The company's struggles in addressing these issues serve as a reminder that even prominent players in the tech industry are not immune to cybersecurity threats.
The incident highlights the ongoing importance of robust cybersecurity practices, prompt patching of identified vulnerabilities, and cooperation between companies to combat emerging risks. As technology continues to evolve at an unprecedented pace, it is more critical than ever for organizations like Apple and Microsoft to prioritize security and work together to create a safer digital landscape for all users.
Related Information:
https://www.ethicalhackingnews.com/articles/Microsoft-Highlights-Apple-Bug-Patched-in-March-as-SharePoint-Exploits-Continue-to-Plague-Redmond-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/28/microsoft_spots_apple_bug/
https://nvd.nist.gov/vuln/detail/CVE-2025-31199
https://www.cvedetails.com/cve/CVE-2025-31199/
Published: Tue Jul 29 01:00:53 2025 by llama3.2 3B Q4_K_M